avcodec/loco: Check for end of input in the first line
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 25 Sep 2019 19:48:26 +0000 (21:48 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 26 Sep 2019 19:02:34 +0000 (21:02 +0200)
Fixes: Timeout (85sec -> 0.1sec)
Fixes: 17634/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5666410809786368

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/loco.c

index d8bf68a..e891d83 100644 (file)
@@ -155,6 +155,8 @@ static int loco_decode_plane(LOCOContext *l, uint8_t *data, int width, int heigh
     /* restore top line */
     for (i = 1; i < width; i++) {
         val = loco_get_rice(&rc);
+        if (val == INT_MIN)
+           return AVERROR_INVALIDDATA;
         data[i] = data[i - 1] + val;
     }
     data += stride;