avcodec/ituh263dec: Fix runtime error: left shift of 1342177279 by 1 places cannot...
author Michael Niedermayer <michael@niedermayer.cc>
Thu, 23 Feb 2017 22:46:30 +0000 (23:46 +0100)
committer Michael Niedermayer <michael@niedermayer.cc>
Thu, 23 Feb 2017 23:38:45 +0000 (00:38 +0100)
Fixes: 659/clusterfuzz-testcase-5866673603084288

Huge DMV could be created by an encoder ignoring the spec

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/ituh263dec.c

index 9a2c8e6..09b6a2f 100644 (file)
@@ -303,6 +303,10 @@ static int h263p_decode_umotion(MpegEncContext * s, int pred)
    {
       code <<= 1;
       code += get_bits1(&s->gb);
+      if (code >= 32768) {
+          avpriv_request_sample(s->avctx, "Huge DMV");
+          return AVERROR_INVALIDDATA;
+      }
    }
    sign = code & 1;
    code >>= 1;
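
Review bot: the threshold in the added check, "if (code >= 32768)", is an unexplained magic number. The commit message says only that a huge DMV comes from an encoder ignoring the spec, so a short comment above the check stating where the limit comes from (or a named constant) would let a later reader confirm the bound is tight enough. The placement itself looks sound: the test runs after "code <<= 1" inside the loop, so once it has passed, code is below 32768 going into the next iteration and the next shift stays well inside int range. Two smaller points. Judging by "sign = code & 1", the function produces a signed value through the same int that now also carries AVERROR_INVALIDDATA, and the callers are not visible in this hunk, so it is worth confirming they can tell the error apart from a valid motion value. Also, avpriv_request_sample() asks users to supply a sample, which sits oddly next to a return code that classifies the stream as invalid; a plain av_log() error may be the better fit.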