avcodec/motionpixels: Check for vlc error in mp_get_vlc()

Fixes: 15246/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOTIONPIXELS_fuzzer-5168534407086080 Fixes: runtime error: index -1 out of bounds for type 'HuffCode [16]' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 930cdef80ab695132d3de2128c3c23f2d698918b) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-06-15 21:08:31 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-12-02 19:41:48 +0100
commit: 7ddb5fcbace0b7f6ae7ece95d764dff647b5187b (patch)
tree: ac293407533052b90e8bf93ddbaae0f4c4245591
parent: 1d288d16d871548ac2dd6f52b5eab5d7fe4dc8d3 (diff)
download: ffmpeg-7ddb5fcbace0b7f6ae7ece95d764dff647b5187b.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/motionpixels.c b/libavcodec/motionpixels.c
index a88b837b3e..73977664a5 100644
--- a/libavcodec/motionpixels.c
+++ b/libavcodec/motionpixels.c
@@ -201,6 +201,8 @@ static int mp_get_vlc(MotionPixelsContext *mp, GetBitContext *gb)
     int i;
 
     i = (mp->codes_count == 1) ? 0 : get_vlc2(gb, mp->vlc.table, mp->max_codes_bits, 1);
+    if (i < 0)
+        return i;
     return mp->codes[i].delta;
 }
author	Michael Niedermayer <michael@niedermayer.cc>	2019-06-15 21:08:31 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-12-02 19:41:48 +0100
commit	7ddb5fcbace0b7f6ae7ece95d764dff647b5187b (patch)
tree	ac293407533052b90e8bf93ddbaae0f4c4245591
parent	1d288d16d871548ac2dd6f52b5eab5d7fe4dc8d3 (diff)
download	ffmpeg-7ddb5fcbace0b7f6ae7ece95d764dff647b5187b.tar.gz