aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2018-10-21 14:40:14 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2018-10-25 00:24:29 +0200
commit82e796a4c9ccaf2765c0a1e85dbcec73733f4246 (patch)
treeb06dd59b9b0279464b38b80039e5b238be30fb73
parent1dbf2bc7a958684df11c94ba65d1d655e1a0cb61 (diff)
downloadffmpeg-82e796a4c9ccaf2765c0a1e85dbcec73733f4246.tar.gz
avcodec/msrle: Check that the input is large enough to contain a end of picture code
Fixes: Timeout Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 203ccb8746997777ce66beadd53b4631d217b9cd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/msrle.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c
index 33b157bc75..23858fe6d0 100644
--- a/libavcodec/msrle.c
+++ b/libavcodec/msrle.c
@@ -95,6 +95,9 @@ static int msrle_decode_frame(AVCodecContext *avctx,
s->buf = buf;
s->size = buf_size;
+ if (buf_size < 2) //Minimally a end of picture code should be there
+ return AVERROR_INVALIDDATA;
+
if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
return ret;