avcodec/bitstream: Check for integer code truncation in build_table()

Fixes: out of array read Fixes: 14563/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5646451545210880 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-06-05 12:18:54 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-06-14 21:36:39 +0200
commit: e78b0f83748f92ea9e93b21c36082e0dd04d7cb1 (patch)
tree: 1c97a9bdb12597f72b24fdb0894bb3ff6595c487
parent: 2a0f23b9d647ad84e0351b43ca4b552add00c8dc (diff)
download: ffmpeg-e78b0f83748f92ea9e93b21c36082e0dd04d7cb1.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/bitstream.c b/libavcodec/bitstream.c
index 8762e5f4b2..590b490527 100644
--- a/libavcodec/bitstream.c
+++ b/libavcodec/bitstream.c
@@ -226,6 +226,10 @@ static int build_table(VLC *vlc, int table_nb_bits, int nb_codes,
             /* note: realloc has been done, so reload tables */
             table = (volatile VLC_TYPE (*)[2])&vlc->table[table_index];
             table[j][0] = index; //code
+            if (table[j][0] != index) {
+                avpriv_request_sample(NULL, "strange codes");
+                return AVERROR_PATCHWELCOME;
+            }
             i = k-1;
         }
     }
author	Michael Niedermayer <michael@niedermayer.cc>	2019-06-05 12:18:54 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-06-14 21:36:39 +0200
commit	e78b0f83748f92ea9e93b21c36082e0dd04d7cb1 (patch)
tree	1c97a9bdb12597f72b24fdb0894bb3ff6595c487
parent	2a0f23b9d647ad84e0351b43ca4b552add00c8dc (diff)
download	ffmpeg-e78b0f83748f92ea9e93b21c36082e0dd04d7cb1.tar.gz