Message ID | 20220703141811.29914-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 78b95530f0a1f04864079614b251b765b1ee77ec |
Series | [FFmpeg-devel,1/4] avcodec/ffv1dec_template: Fix indention |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
andriy/make_armv7_RPi4 | success | Make finished |
andriy/make_fate_armv7_RPi4 | success | Make fate finished |
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 7731c15c87..01ddcaa512 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -879,6 +879,14 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe, p->key_frame = 0; } + if (f->ac != AC_GOLOMB_RICE) { + if (buf_size < avctx->width * avctx->height / (128*8)) + return AVERROR_INVALIDDATA; + } else { + if (buf_size < avctx->height / 8) + return AVERROR_INVALIDDATA; + } + ret = ff_thread_get_ext_buffer(avctx, &f->picture, AV_GET_BUFFER_FLAG_REF); if (ret < 0) return ret;
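Review bot: the two thresholds in this hunk, `avctx->width * avctx->height / (128*8)` for the range coder and `avctx->height / 8` for Golomb-Rice, encode an assumed minimum coded size per pixel and per line, but nothing in the hunk records how those minimums were derived, so a later change to the coder or to the slice layout could silently turn the check into a rejection of valid input. Suggest a comment above `if (f->ac != AC_GOLOMB_RICE) {` stating the bound being relied on (that a range-coded frame is assumed to need at least one byte per 1024 pixels and a Golomb-Rice frame at least one byte per 8 lines) and that it is intentionally loose. Two smaller points: for frames under 1024 pixels, or under 8 lines, the integer division yields 0 and the check is a no-op, which is acceptable for a timeout fix but worth saying in the same comment; and placing the check before `ff_thread_get_ext_buffer` is the right choice, since an undersized packet is rejected before any frame buffer is allocated.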
Fixes: Timeout
Fixes: 48619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5793597923917824
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ffv1dec.c | 8 ++++++++
 1 file changed, 8 insertions(+)