avcodec/mlpdec: Check that there is enough data for headers
authorMichael Niedermayer <michael@niedermayer.cc>
Sat, 13 May 2017 21:13:38 +0000 (23:13 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 13 May 2017 21:15:13 +0000 (23:15 +0200)
Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/mlpdec.c

index b471f0d..fa4347f 100644 (file)
@@ -1162,6 +1162,11 @@ static int read_access_unit(AVCodecContext *avctx, void* data,
             substr_header_size += 2;
         }
 
             substr_header_size += 2;
         }
 
+        if (length < header_size + substr_header_size) {
+            av_log(m->avctx, AV_LOG_ERROR, "Insuffient data for headers\n");
+            goto error;
+        }
+
         if (!(nonrestart_substr ^ m->is_major_sync_unit)) {
             av_log(m->avctx, AV_LOG_ERROR, "Invalid nonrestart_substr.\n");
             goto error;
         if (!(nonrestart_substr ^ m->is_major_sync_unit)) {
             av_log(m->avctx, AV_LOG_ERROR, "Invalid nonrestart_substr.\n");
             goto error;