On Tue, Nov 22, 2022 at 11:56:51PM +0100, Michael Niedermayer wrote:
> Fixes: Timeout
> Fixes: 
> 53438/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5458939919859712
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpe
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
>  libavcodec/pictordec.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
> index 71bad40a0a..09229b94fd 100644
> --- a/libavcodec/pictordec.c
> +++ b/libavcodec/pictordec.c
> @@ -162,6 +162,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame 
> *frame,
>  
>      if (av_image_check_size(s->width, s->height, 0, avctx) < 0)
>          return -1;
> +    if (bytestream2_get_bytes_left(&s->g) < s->width * s->height / 65536 * 5)
> +        return AVERROR_INVALIDDATA;

how did you arrive at this formula?

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to