Fixes: out of memory Fixes: 29985/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-6424425392111616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavcodec/cri.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/cri.c b/libavcodec/cri.c
index 2d33b54e42..3312606b75 100644
--- libavcodec/cri.c
+++ libavcodec/cri.c
@@ -184,6 +184,7 @@ static int cri_decode_frame(AVCodecContext *avctx, void *data,
 char codec_name[1024];
 uint32_t key, length;
 float framerate;
+ int width, height;

 key = bytestream2_get_le32(gb);
 length = bytestream2_get_le32(gb);
@@ -199,11 +200,14 @@ static int cri_decode_frame(AVCodecContext *avctx, void *data,
 case 100:
 if (length < 16)
 return AVERROR_INVALIDDATA;
- avctx->width = bytestream2_get_le32(gb);
- avctx->height = bytestream2_get_le32(gb);
+ width = bytestream2_get_le32(gb);
+ height = bytestream2_get_le32(gb);
 s->color_model = bytestream2_get_le32(gb);
 if (bytestream2_get_le32(gb) != 1)
 return AVERROR_INVALIDDATA;
+ ret = ff_set_dimensions(avctx, width, height);
+ if (ret < 0)
+ return ret;
 length -= 16;
 goto skip;
 case 101:
--
2.17.1
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
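Review bot: In the `case 100:` hunk, `width` and `height` are plain `int` but are filled from `bytestream2_get_le32()`, which yields an unsigned 32-bit value, so header values above INT_MAX arrive as negative numbers. Rejecting them then depends entirely on `ff_set_dimensions()`, and that dependency deserves a comment above the call, for example `/* untrusted header fields: ff_set_dimensions() must reject negative or oversized values */`. `s->color_model` is still written before either validation step, so an error return leaves the context with a new color model and the old dimensions; moving that assignment after the `ff_set_dimensions()` check would keep the update all-or-nothing. The check bounds the dimensions themselves, not whether the packet carries enough data for a frame of that size. Whether later chunk handlers need such a check cannot be judged from here, because the body of `cri_decode_frame` (including the declaration of `ret`) lies outside the hunk.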