avcodec/msrle: Check that the input is large enough to contain a end of picture code

Fixes: Timeout Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 203ccb8746997777ce66beadd53b4631d217b9cd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2018-10-21 14:40:14 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2018-10-25 00:24:29 +0200
commit: 82e796a4c9ccaf2765c0a1e85dbcec73733f4246 (patch)
tree: b06dd59b9b0279464b38b80039e5b238be30fb73
parent: 1dbf2bc7a958684df11c94ba65d1d655e1a0cb61 (diff)
download: ffmpeg-82e796a4c9ccaf2765c0a1e85dbcec73733f4246.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c
index 33b157bc75..23858fe6d0 100644
--- a/libavcodec/msrle.c
+++ b/libavcodec/msrle.c
@@ -95,6 +95,9 @@ static int msrle_decode_frame(AVCodecContext *avctx,
     s->buf = buf;
     s->size = buf_size;
 
+    if (buf_size < 2) //Minimally a end of picture code should be there
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
         return ret;
author	Michael Niedermayer <michael@niedermayer.cc>	2018-10-21 14:40:14 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2018-10-25 00:24:29 +0200
commit	82e796a4c9ccaf2765c0a1e85dbcec73733f4246 (patch)
tree	b06dd59b9b0279464b38b80039e5b238be30fb73
parent	1dbf2bc7a958684df11c94ba65d1d655e1a0cb61 (diff)
download	ffmpeg-82e796a4c9ccaf2765c0a1e85dbcec73733f4246.tar.gz