[FFmpeg-devel] [PATCH 1/7] avcodec/vc1: Check for excessive resolution
Michael Niedermayer
michael at niedermayer.cc
Fri Aug 16 00:49:09 EEST 2019
Fixes: overflow in aspect ratio calculation
Fixes: signed integer overflow: 393215 * 14594 cannot be represented in type 'int'
Fixes: 15728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5661588893204480
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/vc1dec.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 9519864c55..2636ea701f 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -426,6 +426,11 @@ static av_cold int vc1_decode_init(AVCodecContext *avctx)
GetBitContext gb;
int ret;
+ if (avctx->width > 1 << 14 || avctx->height > 1 << 14) {
+ avpriv_request_sample(avctx, "Huge resolution");
+ return AVERROR_PATCHWELCOME;
+ }
+
/* save the container output size for WMImage */
v->output_width = avctx->width;
v->output_height = avctx->height;
--
2.22.1
More information about the ffmpeg-devel
mailing list