diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2019-06-15 21:47:16 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2019-11-11 20:18:46 +0100 |
| commit | bbb6c265e462733af0fa07db71d72b26f6c83b82 (patch) | |
| tree | d52211a2bfbac1f5174bdfcb92a2ed1b8d9a3e48 | |
| parent | cd9e249726de0d852986bbfa8ef35f854d63330e (diff) | |
| download | ffmpeg-bbb6c265e462733af0fa07db71d72b26f6c83b82.tar.gz | |
avcodec/loco: Limit lossy parameter so it is sane and does not overflow
Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664
Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce3b0b9066b433564ed3ee3eed3a1e8f2c0834a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/loco.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/loco.c b/libavcodec/loco.c index 9d0f144451..9a309fd063 100644 --- a/libavcodec/loco.c +++ b/libavcodec/loco.c @@ -293,6 +293,11 @@ static av_cold int decode_init(AVCodecContext *avctx) avpriv_request_sample(avctx, "LOCO codec version %i", version); } + if (l->lossy > 65536U) { + av_log(avctx, AV_LOG_ERROR, "lossy %i is too large\n", l->lossy); + return AVERROR_INVALIDDATA; + } + l->mode = AV_RL32(avctx->extradata + 4); switch (l->mode) { case LOCO_CYUY2: |