diff mbox series

[FFmpeg-devel,4/4] avcodec/tdsc: Only reallocate deflatebuffer if its size changed

Message ID 20200618122026.24534-4-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/4] avcodec/mv30: Fix integer overflows in idct2_1d()
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Michael Niedermayer June 18, 2020, 12:20 p.m. UTC
Fixes: Timeout (47sec -> 35msec)
Fixes: 23375/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TDSC_fuzzer-5633949497032704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tdsc.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff mbox series

Patch

diff --git a/libavcodec/tdsc.c b/libavcodec/tdsc.c
index eaea41c1f5..cd03558ecd 100644
--- a/libavcodec/tdsc.c
+++ b/libavcodec/tdsc.c
@@ -530,10 +530,15 @@  static int tdsc_decode_frame(AVCodecContext *avctx, void *data,
 
     /* Resize deflate buffer on resolution change */
     if (ctx->width != avctx->width || ctx->height != avctx->height) {
-        ctx->deflatelen = avctx->width * avctx->height * (3 + 1);
-        ret = av_reallocp(&ctx->deflatebuffer, ctx->deflatelen);
-        if (ret < 0)
-            return ret;
+        int deflatelen = avctx->width * avctx->height * (3 + 1);
+        if (deflatelen != ctx->deflatelen) {
+            ctx->deflatelen =deflatelen;
+            ret = av_reallocp(&ctx->deflatebuffer, ctx->deflatelen);
+            if (ret < 0) {
+                ctx->deflatelen = 0;
+                return ret;
+            }
+        }
     }
     dlen = ctx->deflatelen;