| Message ID | 20191213002810.6440-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
On Fri, Dec 13, 2019 at 01:28:06AM +0100, Michael Niedermayer wrote:
> Fixes: Timeout (114sec ->108ms)
> Fixes: 19290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5740598116220928
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/iff.c | 3 +++
> 1 file changed, 3 insertions(+)

will apply

[...]
diff --git a/libavcodec/iff.c b/libavcodec/iff.c index 0656ae5509..6ba58b5bcd 100644 --- a/libavcodec/iff.c +++ b/libavcodec/iff.c @@ -1352,6 +1352,9 @@ static void decode_delta_d(uint8_t *dst, bytestream2_init(&gb, buf + ofssrc, buf_end - (buf + ofssrc)); entries = bytestream2_get_be32(&gb); + if (entries * 8LL > bytestream2_get_bytes_left(&gb)) + return; + while (entries && bytestream2_get_bytes_left(&gb) >= 8) { int32_t opcode = bytestream2_get_be32(&gb); unsigned offset = bytestream2_get_be32(&gb);
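Review bot: the hunk adds no comment and the commit message gives no rationale for why the early return is needed when the visible `while (entries && bytestream2_get_bytes_left(&gb) >= 8)` guard already ends the loop once fewer than 8 bytes remain; a one-line comment above the new check (for example `/* a table claiming more entries than the remaining data can hold is corrupt; do not decode it at all */`) would record the intent and the fuzzer finding it addresses. Two details worth stating in the message as well: `entries` is read with `bytestream2_get_be32`, so the `8LL` multiplier is what keeps the product from wrapping in 32-bit arithmetic, and the comparison against the `int` returned by `bytestream2_get_bytes_left` is therefore done in `long long`, which is the intended width. Note also that the bare `return` leaves `dst` untouched for a truncated table instead of applying the entries that do fit, which is a visible behaviour change from the old loop; saying that the whole table is deliberately dropped on a bad count would help the next reader.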
Fixes: Timeout (114sec ->108ms)
Fixes: 19290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5740598116220928

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/iff.c | 3 +++
1 file changed, 3 insertions(+)