On Fri, Oct 23, 2020 at 08:54:33PM +0200, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: heap-buffer-overflow > > Fixes: > > 26487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-5742553675333632 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/magicyuv.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/libavcodec/magicyuv.c b/libavcodec/magicyuv.c > > index ea1f727e5c..e2b7bdd326 100644 > > --- a/libavcodec/magicyuv.c > > +++ b/libavcodec/magicyuv.c > > @@ -267,6 +267,9 @@ static int magy_decode_slice(AVCodecContext *avctx, > > void *tdata, > > const uint8_t *slice = s->buf + s->slices[i][j].start; > > int flags, pred; > > > > + if (s->slices[i][j].size < 2) > > + return AVERROR_INVALIDDATA; > > + > > flags = bytestream_get_byte(&slice); > > pred = bytestream_get_byte(&slice); > > > > > It would be better to add this to line 625 to error out earlier (that's > where I forgot to check).
yes, thats better, will use that and will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Concerning the gods, I have no means of knowing whether they exist or not or of what sort they may be, because of the obscurity of the subject, and the brevity of human life -- Protagoras
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
