avformat/imx: Check palette chunk size

Fixes: out of array write Fixes: 32116/clusterfuzz-testcase-minimized-ffmpeg_dem_SIMBIOSIS_IMX_fuzzer-6702533894602752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2021-03-30 12:47:22 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2021-04-01 10:10:21 +0200
commit: f7a515044766426cf3cac20bdc091b700f00a458 (patch)
tree: 1a3aa3d8e38e359b595bdfb9542be6b88df38e4a /libavformat/imx.c
parent: 497ea04dbda78d4eb9cffd208737b676f838725c (diff)
download: ffmpeg-f7a515044766426cf3cac20bdc091b700f00a458.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/imx.c b/libavformat/imx.c
index d203ed7a28..22fca0bdc0 100644
--- a/libavformat/imx.c
+++ b/libavformat/imx.c
@@ -113,6 +113,8 @@ retry:
             imx->first_video_packet_pos = pos;
         break;
     case 0xAA98:
+        if (chunk_size > 256 * 3)
+            return AVERROR_INVALIDDATA;
         for (int i = 0; i < chunk_size / 3; i++) {
             unsigned r = avio_r8(pb) << 18;
             unsigned g = avio_r8(pb) << 10;
author	Michael Niedermayer <michael@niedermayer.cc>	2021-03-30 12:47:22 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2021-04-01 10:10:21 +0200
commit	f7a515044766426cf3cac20bdc091b700f00a458 (patch)
tree	1a3aa3d8e38e359b595bdfb9542be6b88df38e4a /libavformat/imx.c
parent	497ea04dbda78d4eb9cffd208737b676f838725c (diff)
download	ffmpeg-f7a515044766426cf3cac20bdc091b700f00a458.tar.gz