aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/parser.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2019-08-01 22:18:43 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2019-08-23 22:26:50 +0200
commit8a24d2cc304c7f0807bc472dfc39d247040d71c2 (patch)
tree68f9bcf560d8a028658466277e17d6f327aee016 /libavcodec/parser.c
parent68f30567df5659190bb0515e027be8f1a8116bc5 (diff)
downloadffmpeg-8a24d2cc304c7f0807bc472dfc39d247040d71c2.tar.gz
avcodec/parser: Optimize ff_combine_frame() with massivly negative next
Fixes: Timeout Fixes: 15558/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PPM_fuzzer-5705273643106304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/parser.c')
-rw-r--r--libavcodec/parser.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/parser.c b/libavcodec/parser.c
index 3e19810a94..a63f532c48 100644
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@@ -295,6 +295,10 @@ int ff_combine_frame(ParseContext *pc, int next,
*buf = pc->buffer;
}
+ if (next < -8) {
+ pc->overread += -8 - next;
+ next = -8;
+ }
/* store overread bytes */
for (; next < 0; next++) {
pc->state = pc->state << 8 | pc->buffer[pc->last_index + next];