[FFmpeg-devel] [PATCH] avcodec/fic: Check available input space for cursor
wm4
nfxjfg at googlemail.com
Sun May 6 00:11:38 EEST 2018
On Sat, 5 May 2018 22:47:37 +0200
Michael Niedermayer <michael at niedermayer.cc> wrote:
> Fixes: out of array read
> Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/fic.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/libavcodec/fic.c b/libavcodec/fic.c
> index d7ee370423..6824a5683c 100644
> --- a/libavcodec/fic.c
> +++ b/libavcodec/fic.c
> @@ -337,6 +337,11 @@ static int fic_decode_frame(AVCodecContext *avctx, void *data,
> skip_cursor = 1;
> }
>
> + if (!skip_cursor && avpkt->size < 59 + 32 * 32 * 4) {
> + av_log(avctx, AV_LOG_WARNING, "Input is cursorless\n");
> + skip_cursor = 1;
> + }
> +
> /* Slice height for all but the last slice. */
> ctx->slice_h = 16 * (ctx->aligned_height >> 4) / nslices;
> if (ctx->slice_h % 16)
No warning needed.
More information about the ffmpeg-devel
mailing list