avcodec/msrle: Check that the input is large enough to contain a end of picture code

Fixes: Timeout Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 203ccb8746997777ce66beadd53b4631d217b9cd) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2018-10-21 14:40:14 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2018-11-18 02:35:03 +0100
commit: e6f8f6a7eefd1fb29db17a86bba4434117eaab08 (patch)
tree: 25222df1ea6c0334c81493e8329c2d89d821d282
parent: 353ef58a8279d3c3a45fe18d1245d84cb843eb18 (diff)
download: ffmpeg-e6f8f6a7eefd1fb29db17a86bba4434117eaab08.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c
index adb55b1302..1ab8a41985 100644
--- a/libavcodec/msrle.c
+++ b/libavcodec/msrle.c
@@ -95,6 +95,9 @@ static int msrle_decode_frame(AVCodecContext *avctx,
     s->buf = buf;
     s->size = buf_size;
 
+    if (buf_size < 2) //Minimally a end of picture code should be there
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
         return ret;
author	Michael Niedermayer <michael@niedermayer.cc>	2018-10-21 14:40:14 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2018-11-18 02:35:03 +0100
commit	e6f8f6a7eefd1fb29db17a86bba4434117eaab08 (patch)
tree	25222df1ea6c0334c81493e8329c2d89d821d282
parent	353ef58a8279d3c3a45fe18d1245d84cb843eb18 (diff)
download	ffmpeg-e6f8f6a7eefd1fb29db17a86bba4434117eaab08.tar.gz