Message ID | 20200110220353.3043-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Headers | show |
Series | [FFmpeg-devel,1/3] avcodec/ralf: Fix integer overflow in apply_lpc() | expand |
Context | Check | Description |
---|---|---|
andriy/ffmpeg-patchwork | success | Make fate finished |
On Fri, Jan 10, 2020 at 11:03:52PM +0100, Michael Niedermayer wrote: > Fixes: out of array access > Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/agm.c | 5 +++++ > 1 file changed, 5 insertions(+) will apply [...]
diff --git a/libavcodec/agm.c b/libavcodec/agm.c index 80f4697ee5..a874226c28 100644 --- a/libavcodec/agm.c +++ b/libavcodec/agm.c @@ -1239,6 +1239,11 @@ static av_cold int decode_init(AVCodecContext *avctx) s->dct = avctx->codec_tag != MKTAG('A', 'G', 'M', '4') && avctx->codec_tag != MKTAG('A', 'G', 'M', '5'); + if (!s->rgb && !s->dct) { + if ((avctx->width & 1) || (avctx->height & 1)) + return AVERROR_INVALIDDATA; + } + avctx->idct_algo = FF_IDCT_SIMPLE; ff_idctdsp_init(&s->idsp, avctx); ff_init_scantable(s->idsp.idct_permutation, &s->scantable, ff_zigzag_direct);
Fixes: out of array access Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/agm.c | 5 +++++ 1 file changed, 5 insertions(+)