avcodec/4xm: Check for end of input in decode_p_block()
authorMichael Niedermayer <michael@niedermayer.cc>
Mon, 12 Aug 2019 00:17:18 +0000 (02:17 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Tue, 13 Aug 2019 14:48:38 +0000 (16:48 +0200)
Fixes: Timeout (81sec -> 0.2sec)
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/4xm.c

index 8382159bdec76efac9a7a47ed470592f7df21f5e..1f4e2aee24c2396336d6bff414208ea56d261d8c 100644 (file)
@@ -351,6 +351,8 @@ static int decode_p_block(FourXContext *f, uint16_t *dst, const uint16_t *src,
     index = size2index[log2h][log2w];
     av_assert0(index >= 0);
 
+    if (get_bits_left(&f->gb) < 1)
+        return AVERROR_INVALIDDATA;
     h     = 1 << log2h;
     code  = get_vlc2(&f->gb, block_type_vlc[1 - (f->version > 1)][index].table,
                      BLOCK_TYPE_VLC_BITS, 1);
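Review bot: The new guard before `get_vlc2()` requires only one remaining bit, so it catches an exhausted bitstream but not a code cut short near the end of input, and nothing in the code says this is intentional. That is enough to bound decode time, so a short comment above the check would record the intent, e.g. `/* Stop once the bitstream is exhausted; a truncated final code is still read from the buffer padding. */`. This assumes the reader relies on the usual input padding, which the hunk does not show. The early `return AVERROR_INVALIDDATA` only stops the work if every caller of decode_p_block(), including any call the function makes to itself, checks the return value and propagates it. Those call sites are outside this hunk and should be confirmed, as the function body starts before and continues after the visible lines.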