[FFmpeg-devel] [PATCH 1/8] avcodec/magicyuv: Check slice size before reading flags and pred
Michael Niedermayer
michael at niedermayer.cc
Fri Oct 23 21:39:33 EEST 2020
Fixes: heap-buffer-overflow
Fixes: 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/magicyuv.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
index ea1f727e5c..e2b7bdd326 100644
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -267,6 +267,9 @@ static int magy_decode_slice(AVCodecContext *avctx, void *tdata,
const uint8_t *slice = s->buf + s->slices[i][j].start;
int flags, pred;
+ if (s->slices[i][j].size < 2)
+ return AVERROR_INVALIDDATA;
+
flags = bytestream_get_byte(&slice);
pred = bytestream_get_byte(&slice);
--
2.17.1
More information about the ffmpeg-devel
mailing list