diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2022-08-18 23:41:57 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2022-09-05 01:42:28 +0200 |
| commit | f0395f9ef6051315973f1fdded1804f81458566d (patch) | |
| tree | ce145cdf5ce27a763f35b483cdb9cf75a7762a70 | |
| parent | 6195a0ee191728b4e638cf3b620e68acde8854b0 (diff) | |
| download | ffmpeg-f0395f9ef6051315973f1fdded1804f81458566d.tar.gz | |
avcodec/speedhq: Check width
Fixes: out of array access
Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400
Alternatively the buffer size can be increased
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/speedhq.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/speedhq.c b/libavcodec/speedhq.c index 1661b66ae7..4f0e417a82 100644 --- a/libavcodec/speedhq.c +++ b/libavcodec/speedhq.c @@ -498,7 +498,7 @@ static int speedhq_decode_frame(AVCodecContext *avctx, AVFrame *frame, uint32_t second_field_offset; int ret; - if (buf_size < 4 || avctx->width < 8) + if (buf_size < 4 || avctx->width < 8 || avctx->width % 8 != 0) return AVERROR_INVALIDDATA; quality = buf[0]; |