diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2017-06-09 23:16:55 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-06-10 00:48:07 +0200 |
| commit | e1b0044c234775bf99ab1a5c794240a9a692ad8d (patch) | |
| tree | dc51d07f874da1810253708bb404343446b917fe /libavcodec | |
| parent | 4bcde26172bab43843e2f869025931217b3c5773 (diff) | |
| download | ffmpeg-e1b0044c234775bf99ab1a5c794240a9a692ad8d.tar.gz | |
avcodec/dvbsubdec: Check pixel buffer size constraint from ETSI EN 300 743 V1.3.1
Fixes: OOM
Fixes: 2143/clusterfuzz-testcase-minimized-5482288060039168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
| -rw-r--r-- | libavcodec/dvbsubdec.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c index bc16eb735b..98619f9631 100644 --- a/libavcodec/dvbsubdec.c +++ b/libavcodec/dvbsubdec.c @@ -1158,6 +1158,10 @@ static int dvbsub_parse_region_segment(AVCodecContext *avctx, buf += 2; ret = av_image_check_size2(region->width, region->height, avctx->max_pixels, AV_PIX_FMT_PAL8, 0, avctx); + if (ret >= 0 && region->width * region->height * 2 > 320 * 1024 * 8) { + ret = AVERROR_INVALIDDATA; + av_log(avctx, AV_LOG_ERROR, "Pixel buffer memory constraint violated\n"); + } if (ret < 0) { region->width= region->height= 0; return ret; |