magicyuv: Check slice size before reading flags and pred

Michael Niedermayer Fri, 23 Oct 2020 11:46:30 -0700

Fixes: heap-buffer-overflow
Fixes: 
26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632


Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavcodec/magicyuv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c
index ea1f727e5c..e2b7bdd326 100644
--- a/libavcodec/magicyuv.c
+++ b/libavcodec/magicyuv.c
@@ -267,6 +267,9 @@ static int magy_decode_slice(AVCodecContext *avctx, void 
*tdata,
         const uint8_t *slice = s->buf + s->slices[i][j].start;
         int flags, pred;
 
+        if (s->slices[i][j].size < 2)
+            return AVERROR_INVALIDDATA;
+
         flags = bytestream_get_byte(&slice);
         pred  = bytestream_get_byte(&slice);
 
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 1/8] avcodec/magicyuv: Check slice size before reading flags and pred

Reply via email to