avcodec/loco: Limit lossy parameter so it is sane and does not overflow

Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664 Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit ce3b0b9066b433564ed3ee3eed3a1e8f2c0834a1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-06-15 21:47:16 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-11-14 23:30:37 +0100
commit: 65326b27b615163cb1d68b6673dcd924aa3b0d23 (patch)
tree: d62f5af78c7d339a25b77dd72e3c7ec98188e5b5
parent: a77473d040d6cd6246146082fcb4810e142867e5 (diff)
download: ffmpeg-65326b27b615163cb1d68b6673dcd924aa3b0d23.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/loco.c b/libavcodec/loco.c
index 9d0f144451..9a309fd063 100644
--- a/libavcodec/loco.c
+++ b/libavcodec/loco.c
@@ -293,6 +293,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
         avpriv_request_sample(avctx, "LOCO codec version %i", version);
     }
 
+    if (l->lossy > 65536U) {
+        av_log(avctx, AV_LOG_ERROR, "lossy %i is too large\n", l->lossy);
+        return AVERROR_INVALIDDATA;
+    }
+
     l->mode = AV_RL32(avctx->extradata + 4);
     switch (l->mode) {
     case LOCO_CYUY2:
author	Michael Niedermayer <michael@niedermayer.cc>	2019-06-15 21:47:16 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-11-14 23:30:37 +0100
commit	65326b27b615163cb1d68b6673dcd924aa3b0d23 (patch)
tree	d62f5af78c7d339a25b77dd72e3c7ec98188e5b5
parent	a77473d040d6cd6246146082fcb4810e142867e5 (diff)
download	ffmpeg-65326b27b615163cb1d68b6673dcd924aa3b0d23.tar.gz