Fixes: Timeout (47sec -> 35msec) Fixes: 23375/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TDSC_fuzzer-5633949497032704
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/tdsc.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/tdsc.c b/libavcodec/tdsc.c index eaea41c1f5..cd03558ecd 100644 --- a/libavcodec/tdsc.c +++ b/libavcodec/tdsc.c @@ -530,10 +530,15 @@ static int tdsc_decode_frame(AVCodecContext *avctx, void *data, /* Resize deflate buffer on resolution change */ if (ctx->width != avctx->width || ctx->height != avctx->height) { - ctx->deflatelen = avctx->width * avctx->height * (3 + 1); - ret = av_reallocp(&ctx->deflatebuffer, ctx->deflatelen); - if (ret < 0) - return ret; + int deflatelen = avctx->width * avctx->height * (3 + 1); + if (deflatelen != ctx->deflatelen) { + ctx->deflatelen =deflatelen; + ret = av_reallocp(&ctx->deflatebuffer, ctx->deflatelen); + if (ret < 0) { + ctx->deflatelen = 0; + return ret; + } + } } dlen = ctx->deflatelen; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
