| Message ID | 20170226192802.4486-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 63e400a8807dca7b0ffa3841df2e31f7419abb8d |
| Headers | show |
diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c index a3d72e3f25..a09ee379c0 100644 --- a/libavcodec/pictordec.c +++ b/libavcodec/pictordec.c @@ -77,10 +77,10 @@ static void picmemset(PicContext *s, AVFrame *frame, int value, int run, if (*y < 0) { *y = s->height - 1; *plane += 1; - value <<= bits_per_plane; - mask <<= bits_per_plane; if (*plane >= s->nb_planes) return; + value <<= bits_per_plane; + mask <<= bits_per_plane; } } }
Fixes integer overflow Fixes: 675/clusterfuzz-testcase-6722971232108544 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/pictordec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)