avcodec/scpr: Check minimum size of type 17
author Michael Niedermayer <michael@niedermayer.cc>
Thu, 26 Sep 2019 19:56:48 +0000 (21:56 +0200)
committer Michael Niedermayer <michael@niedermayer.cc>
Thu, 10 Oct 2019 12:34:19 +0000 (14:34 +0200)
Improves: Timeout (85sec -> 46sec)
Improves: 17644/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-5715704283660288

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/scpr.c

index ab4d5b5..2a0ebce 100644 (file)
@@ -534,6 +534,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
         uint32_t clr, *dst = (uint32_t *)s->current_frame->data[0];
         int y;
 
+        if (bytestream2_get_bytes_left(gb) < 3)
+            return AVERROR_INVALIDDATA;
+
         frame->key_frame = 1;
         bytestream2_skip(gb, 1);
         if (avctx->bits_per_coded_sample == 16) {
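
Review bot: The minimum of 3 in the new bytestream2_get_bytes_left(gb) < 3 check is unexplained, and only one of those bytes is accounted for by the visible bytestream2_skip(gb, 1). Please add a short comment stating which reads the 3 bytes cover, and confirm that the path taken when avctx->bits_per_coded_sample is not 16 needs no more than the 2 bytes left after the skip; if it needs more, the minimum should depend on bits_per_coded_sample instead of being a single constant. Placing the check ahead of frame->key_frame = 1 is right, since the error return then leaves the frame flags untouched.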