avcodec/snowdec: Check for remaining bitstream in decode_blocks()
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 15 Nov 2017 20:17:16 +0000 (21:17 +0100)
committerMichael Niedermayer <michael@niedermayer.cc>
Fri, 17 Nov 2017 19:37:41 +0000 (20:37 +0100)
Fixes: Timeout
Fixes: 3142/clusterfuzz-testcase-5007853163118592

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/snowdec.c

index a828769..a9bdb8d 100644 (file)
@@ -437,6 +437,8 @@ static int decode_blocks(SnowContext *s){
 
     for(y=0; y<h; y++){
         for(x=0; x<w; x++){
+            if (s->c.bytestream >= s->c.bytestream_end)
+                return AVERROR_INVALIDDATA;
             if ((res = decode_q_branch(s, 0, x, y)) < 0)
                 return res;
         }