avcodec/mjpegdec: Check for non ls PAL8
authorMichael Niedermayer <michael@niedermayer.cc>
Sat, 1 Jun 2019 17:06:07 +0000 (19:06 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Wed, 12 Jun 2019 10:01:32 +0000 (12:01 +0200)
Fixes: Null-dereference READ in av_malloc
Fixes: 15002/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THP_fuzzer-5643474625363968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/mjpegdec.c

index e82c185..20eeb96 100644 (file)
@@ -719,7 +719,9 @@ unk_pixfmt:
     }
 
     if ((s->rgb && !s->lossless && !s->ls) ||
-        (!s->rgb && s->ls && s->nb_components > 1)) {
+        (!s->rgb && s->ls && s->nb_components > 1) ||
+        (s->avctx->pix_fmt == AV_PIX_FMT_PAL8 && !s->ls)
+    ) {
         av_log(s->avctx, AV_LOG_ERROR, "Unsupported coding and pixel format combination\n");
         return AVERROR_PATCHWELCOME;
     }