diff mbox series

[FFmpeg-devel,2/3] avcodec/agm: YUV420 without DCT needs even dimensions

Message ID 20200110220353.3043-2-michael@niedermayer.cc
State Accepted
Headers show
Series [FFmpeg-devel,1/3] avcodec/ralf: Fix integer overflow in apply_lpc() | expand

Checks

Context Check Description
andriy/ffmpeg-patchwork success Make fate finished

Commit Message

Michael Niedermayer Jan. 10, 2020, 10:03 p.m. UTC 
Fixes: out of array access
Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/agm.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Michael Niedermayer Feb. 9, 2020, 8:27 p.m. UTC | #1 
On Fri, Jan 10, 2020 at 11:03:52PM +0100, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/agm.c | 5 +++++
>  1 file changed, 5 insertions(+)

will apply

[...]
diff mbox series

Patch

diff --git a/libavcodec/agm.c b/libavcodec/agm.c
index 80f4697ee5..a874226c28 100644
--- a/libavcodec/agm.c
+++ b/libavcodec/agm.c
@@ -1239,6 +1239,11 @@  static av_cold int decode_init(AVCodecContext *avctx)
     s->dct = avctx->codec_tag != MKTAG('A', 'G', 'M', '4') &&
              avctx->codec_tag != MKTAG('A', 'G', 'M', '5');
 
+    if (!s->rgb && !s->dct) {
+        if ((avctx->width & 1) || (avctx->height & 1))
+            return AVERROR_INVALIDDATA;
+    }
+
     avctx->idct_algo = FF_IDCT_SIMPLE;
     ff_idctdsp_init(&s->idsp, avctx);
     ff_init_scantable(s->idsp.idct_permutation, &s->scantable, ff_zigzag_direct);