avformat/vividas: check for tiny blocks using alignment

Ask for a sample for these Fixes: out of array access Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 55d4e22d71ca75223ee61f7d2535fdc6e9991026) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-08-31 23:20:01 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-09-06 23:00:46 +0200
commit: 5a1e0cae2f78b10cc7ab6cd41d6908c4ae89276f (patch)
tree: 4236d796355729d32db7b1637d6cdc3679b9a211
parent: d3b45f137882e16809295405ac2076a4872dc814 (diff)
download: ffmpeg-5a1e0cae2f78b10cc7ab6cd41d6908c4ae89276f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavformat/vividas.c b/libavformat/vividas.c
index 645e322b6e..1ac86a107e 100644
--- a/libavformat/vividas.c
+++ b/libavformat/vividas.c
@@ -153,6 +153,10 @@ static void decode_block(uint8_t *src, uint8_t *dest, unsigned size,
 
     if (align) {
         uint32_t tmpkey = *key_ptr - key;
+        if (a2 > s) {
+            a2 = s;
+            avpriv_request_sample(NULL, "tiny aligned block\n");
+        }
         memcpy(tmp + align, src, a2);
         xor_block(tmp, tmp, 4, key, &tmpkey);
         memcpy(dest, tmp + align, a2);
author	Michael Niedermayer <michael@niedermayer.cc>	2019-08-31 23:20:01 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-09-06 23:00:46 +0200
commit	5a1e0cae2f78b10cc7ab6cd41d6908c4ae89276f (patch)
tree	4236d796355729d32db7b1637d6cdc3679b9a211
parent	d3b45f137882e16809295405ac2076a4872dc814 (diff)
download	ffmpeg-5a1e0cae2f78b10cc7ab6cd41d6908c4ae89276f.tar.gz