avcodec/vc1: Check for excessive resolution

Fixes: overflow in aspect ratio calculation
Fixes: signed integer overflow: 393215 * 14594 cannot be represented in type 'int'
Fixes: 15728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5661588893204480

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 5 insertions, 1 deletions

diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index 42bfca55b1..13119bd0b3 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -451,7 +451,11 @@ static int decode_sequence_header_adv(VC1Context *v, GetBitContext *gb)
             h = get_bits(gb, 8) + 1;
             v->s.avctx->sample_aspect_ratio = (AVRational){w, h};
         } else {
-            av_reduce(&v->s.avctx->sample_aspect_ratio.num,
+            if (v->s.avctx->width  > v->max_coded_width ||
+                v->s.avctx->height > v->max_coded_height) {
+                avpriv_request_sample(v->s.avctx, "Huge resolution");
+            } else
+                av_reduce(&v->s.avctx->sample_aspect_ratio.num,
                       &v->s.avctx->sample_aspect_ratio.den,
                       v->s.avctx->height * w,
                       v->s.avctx->width * h,