diff mbox series

[FFmpeg-devel,3/4] avcodec/svq1dec: Check that there is data left after the hader

Message ID 20200218235919.9360-3-michael@niedermayer.cc
State Accepted
Commit 55e344ee5aa6f6e04e50bbac457e0ca53433ab75
Headers show
Series [FFmpeg-devel,1/4] avcodec/qdm2: Check fft_coefs_index | expand

Checks

Context Check Description
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer Feb. 18, 2020, 11:59 p.m. UTC 
Fixes: Timeout (21sec -> 255ms)
Fixes: 20709/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ1_fuzzer-5085075089915904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/svq1dec.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Moritz Barsnick Feb. 23, 2020, 11:39 p.m. UTC | #1 
On Wed, Feb 19, 2020 at 00:59:18 +0100, Michael Niedermayer wrote:
> Subject: [FFmpeg-devel] [PATCH 3/4] avcodec/svq1dec: Check that there is data left after the hader

Nit: hader -> header

Moritz
Michael Niedermayer April 29, 2020, 9:33 p.m. UTC | #2 
On Mon, Feb 24, 2020 at 12:39:15AM +0100, Moritz Barsnick wrote:
> On Wed, Feb 19, 2020 at 00:59:18 +0100, Michael Niedermayer wrote:
> > Subject: [FFmpeg-devel] [PATCH 3/4] avcodec/svq1dec: Check that there is data left after the hader
> 
> Nit: hader -> header

will apply with that fixed

thx

[...]
diff mbox series

Patch

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index d3e60c3a4a..b61ae348d2 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -602,6 +602,8 @@  static int svq1_decode_frame_header(AVCodecContext *avctx, AVFrame *frame)
         if (skip_1stop_8data_bits(bitbuf) < 0)
             return AVERROR_INVALIDDATA;
     }
+    if (get_bits_left(bitbuf) <= 0)
+        return AVERROR_INVALIDDATA;
 
     s->width  = width;
     s->height = height;