avcodec/anm: Check input size for a frame with just a stop code
author Michael Niedermayer <michael@niedermayer.cc>
Thu, 15 Aug 2019 19:00:54 +0000 (21:00 +0200)
committer Michael Niedermayer <michael@niedermayer.cc>
Sun, 18 Aug 2019 20:12:55 +0000 (22:12 +0200)
Fixes: Timeout (11sec -> 6sec)
Fixes: 16344/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ANM_fuzzer-5673032000995328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/anm.c

index ab6a399..778f384 100644 (file)
@@ -119,6 +119,9 @@ static int decode_frame(AVCodecContext *avctx,
     uint8_t *dst, *dst_end;
     int count, ret;
 
+    if (buf_size < 7)
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
         return ret;
     dst     = s->frame->data[0];
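
Review bot: the literal 7 in the added `if (buf_size < 7)` check at the top of decode_frame() is unexplained in the code. The commit subject ties it to a frame with just a stop code, but nothing next to the check records which bytes make up that minimum. Add a one-line comment above the check (or a named constant) stating how the 7 is derived, so that a later change to the frame parsing updates the bound along with it. The placement before `ff_reget_buffer(avctx, s->frame)` is right, since an undersized packet is then rejected before the frame buffer is touched.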