Fixes: Timeout (>10sec -> 0.26sec) Fixes: 27419/clusterfuzz-testcase-minimized-ffmpeg_dem_SWF_fuzzer-5678307361947648
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavformat/swfdec.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index fa11c050cd..1463f0ad4d 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -368,14 +368,21 @@ static int swf_read_packet(AVFormatContext *s, AVPacket *pkt) ch_id, bmp_fmt, width, height, linesize, len, out_len, colormapsize); zbuf = av_malloc(len); - buf = av_malloc(out_len); - if (!zbuf || !buf) { + if (!zbuf) { res = AVERROR(ENOMEM); goto bitmap_end; } len = avio_read(pb, zbuf, len); - if (len < 0 || (res = uncompress(buf, &out_len, zbuf, len)) != Z_OK) { + if (len < 0) + goto bitmap_end_skip; + + buf = av_malloc(out_len); + if (!buf) { + res = AVERROR(ENOMEM); + goto bitmap_end; + } + if ((res = uncompress(buf, &out_len, zbuf, len)) != Z_OK) { av_log(s, AV_LOG_WARNING, "Failed to uncompress one bitmap\n"); goto bitmap_end_skip; } -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
