[FFmpeg-devel,4/6] avcodec/qdrw: adjust max colors to array size

Message ID 20220703003152.17850-4-michael@niedermayer.cc
State Accepted
Commit cd847f86d31f87f0f7733ca6ab7a2c022a1398bd
Series [FFmpeg-devel,1/6] avcodec/wnv1: Check for width =1

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Michael Niedermayer July 3, 2022, 12:31 a.m. UTC
Fixes: out of array access
Fixes: 48429/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_QDRAW_fuzzer-4608329791438848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/qdrw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Paul B Mahol July 3, 2022, 8:15 a.m. UTC | #1
lgtm
Michael Niedermayer July 3, 2022, 5:11 p.m. UTC | #2
On Sun, Jul 03, 2022 at 10:15:02AM +0200, Paul B Mahol wrote:
> lgtm

will apply

thx

[...]
Patch

diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c
index 849d4a5cad..ff8f97713d 100644
--- a/libavcodec/qdrw.c
+++ b/libavcodec/qdrw.c
@@ -368,7 +368,7 @@  static int decode_frame(AVCodecContext *avctx, AVFrame *p,
             bytestream2_skip(&gbc, 18);
             colors = bytestream2_get_be16(&gbc);
 
-            if (colors < 0 || colors > 256) {
+            if (colors < 0 || colors > 255) {
                 av_log(avctx, AV_LOG_ERROR,
                        "Error color count - %i(0x%X)\n", colors, colors);
                 return AVERROR_INVALIDDATA;
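
Review bot: The new limit in `if (colors < 0 || colors > 255)` is a bare literal, and nothing in the hunk says which array it protects or why a value of 256 is one too many. The subject line says the maximum is being matched to an array size, so derive the bound from that array (a named constant or an element-count expression on the array itself), or at least add a one-line comment stating the relationship, so the check and the array cannot drift apart again. Separately, `colors` is filled from `bytestream2_get_be16(&gbc)`, a 16-bit unsigned read, so the `colors < 0` half of the condition looks unreachable if `colors` is a plain int; its declaration is outside this hunk, so that is worth confirming and the dead test dropping if so. The commit message would also serve later readers better if it named the array that was overrun rather than only "out of array access".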