aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2020-01-10 21:30:38 +0100
committerMichael Niedermayer <michael@niedermayer.cc>2020-02-09 23:33:18 +0100
commita98eeb0c1e867238905ed095b48184f706adf328 (patch)
tree73ae96c8f43f255d7153650cc2cd919e39cd99b5
parentda399e213523867dea1229e8f0fd955fed0410e7 (diff)
downloadffmpeg-a98eeb0c1e867238905ed095b48184f706adf328.tar.gz
avcodec/agm: YUV420 without DCT needs even dimensions
Fixes: out of array access Fixes: 19892/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5707525924323328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/agm.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/agm.c b/libavcodec/agm.c
index c5c9a88dd9..bc9dfc02f3 100644
--- a/libavcodec/agm.c
+++ b/libavcodec/agm.c
@@ -1242,6 +1242,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
s->dct = avctx->codec_tag != MKTAG('A', 'G', 'M', '4') &&
avctx->codec_tag != MKTAG('A', 'G', 'M', '5');
+ if (!s->rgb && !s->dct) {
+ if ((avctx->width & 1) || (avctx->height & 1))
+ return AVERROR_INVALIDDATA;
+ }
+
avctx->idct_algo = FF_IDCT_SIMPLE;
ff_idctdsp_init(&s->idsp, avctx);
ff_init_scantable(s->idsp.idct_permutation, &s->scantable, ff_zigzag_direct);