diff mbox series

[FFmpeg-devel,1/2] avcodec/8bps: Consider width in the minimal size check

Message ID 20240225232353.23735-1-michael@niedermayer.cc
State Accepted
Commit 5db09574dfd40d3e15db9336a34398405a1c601b
Headers show
Series [FFmpeg-devel,1/2] avcodec/8bps: Consider width in the minimal size check | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Michael Niedermayer Feb. 25, 2024, 11:23 p.m. UTC 
Fixes: Timeout
Fixes: 64479/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5434435386081280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/8bps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer March 10, 2024, 5:58 p.m. UTC | #1 
On Mon, Feb 26, 2024 at 12:23:52AM +0100, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 64479/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EIGHTBPS_fuzzer-5434435386081280
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/8bps.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
diff mbox series

Patch

diff --git a/libavcodec/8bps.c b/libavcodec/8bps.c
index 11b9f526b7..0060c46d09 100644
--- a/libavcodec/8bps.c
+++ b/libavcodec/8bps.c
@@ -63,7 +63,7 @@  static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
     unsigned int planes = c->planes;
     int ret;
 
-    if (buf_size < planes * height * 2)
+    if (buf_size < planes * height * (2 + 2*((avctx->width+128)/129)))
         return AVERROR_INVALIDDATA;
 
     if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)