Fixes: out of array access Fixes: 31386/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5773234709594112
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/exr.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index 279cfe9412..65e5203c31 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -422,7 +422,12 @@ static int huf_decode(VLC *vlc, GetByteContext *gb, int nbits, int run_sym, if (x == run_sym) { int run = get_bits(&gbit, 8); - uint16_t fill = out[oe - 1]; + uint16_t fill; + + if (oe == 0 || oe + run > no) + return AVERROR_INVALIDDATA; + + fill = out[oe - 1]; while (run-- > 0) out[oe++] = fill; -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
