ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Thu Dec 12 23:13:02 2019 +0100| [e7af64178a48b30bade107c2d2938b48bd86eb82] | committer: Michael Niedermayer
avcodec/iff: Check input space before loop in decode_delta_d() Fixes: Timeout (114sec ->108ms) Fixes: 19290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5740598116220928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e7af64178a48b30bade107c2d2938b48bd86eb82 --- libavcodec/iff.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/iff.c b/libavcodec/iff.c index f82141d2e7..d826e78089 100644 --- a/libavcodec/iff.c +++ b/libavcodec/iff.c @@ -1354,6 +1354,9 @@ static void decode_delta_d(uint8_t *dst, bytestream2_init(&gb, buf + ofssrc, buf_end - (buf + ofssrc)); entries = bytestream2_get_be32(&gb); + if (entries * 8LL > bytestream2_get_bytes_left(&gb)) + return; + while (entries && bytestream2_get_bytes_left(&gb) >= 8) { int32_t opcode = bytestream2_get_be32(&gb); unsigned offset = bytestream2_get_be32(&gb);
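Review bot: the new bound `entries * 8LL > bytestream2_get_bytes_left(&gb)` relies on every table entry consuming at least 8 bytes (the be32 opcode and be32 offset read at the top of the loop), and a one-line comment stating that would document why 8 is the multiplier. The `8LL` widening matters: `entries` comes from `bytestream2_get_be32()`, so a plain `entries * 8` could wrap in 32 bits and let an oversized count slip past the check; keep the `LL` suffix. Since `decode_delta_d()` is `void`, the early `return` rejects an undersized table silently, which matches how the existing `bytestream2_get_bytes_left(&gb) >= 8` loop condition already bails out when data runs short; if callers are expected to notice truncated input, that would need a separate error path rather than this check alone.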