Message ID | 20230416164830.15664-8-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 19b66b89da4b4ff086dc1fc79bbf540e82bdbcb4 |
Headers | show |
Series | [FFmpeg-devel,01/11] avcodec/adpcm: Fix integer overflow in intermediate in ADPCM_XMD | expand |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavcodec/tak.c b/libavcodec/tak.c index f26574c968e..48fe83381f1 100644 --- a/libavcodec/tak.c +++ b/libavcodec/tak.c @@ -169,6 +169,9 @@ int ff_tak_decode_frame_header(AVCodecContext *avctx, GetBitContext *gb, if (ti->flags & TAK_FRAME_FLAG_HAS_METADATA) return AVERROR_INVALIDDATA; + if (get_bits_left(gb) < 24) + return AVERROR_INVALIDDATA; + skip_bits(gb, 24); return 0;
Fixes: out of array access Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TAK_fuzzer-6682195323650048 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/tak.c | 3 +++ 1 file changed, 3 insertions(+)