On Sun, 27 Nov 2022 at 22:34, Michael Niedermayer <mich...@niedermayer.cc> wrote:
> Fixes: Timeout
> Fixes:
> 53599/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IPU_fuzzer-4950102511058944
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
> libavcodec/mpeg12dec.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
> index 914516bbd9..c93368e255 100644
> --- a/libavcodec/mpeg12dec.c
> +++ b/libavcodec/mpeg12dec.c
> @@ -2969,6 +2969,9 @@ static int ipu_decode_frame(AVCodecContext *avctx,
> AVFrame *frame,
> GetBitContext *gb = &m->gb;
> int ret;
>
> + if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16)
> * 2 * 7)
> + return AVERROR_INVALIDDATA;
> +
> ret = ff_get_buffer(avctx, frame, 0);
> if (ret < 0)
> return ret;

Where does this AVPacket limitation come from? Are you able to explain in a comment where these numbers come from? In particular the "2 * 7".

Kieran

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
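Review bot: the right-hand side of the new size check in ipu_decode_frame is computed entirely in int and only promoted to long long at the comparison, while the left side already widens with `avpkt->size*8LL`; to make the overflow protection symmetric, carry a long long factor on the right as well (for example `* 2LL * 7`) or compute the macroblock count into a separate int64_t first. The constants also need a comment in the code stating what they represent (the minimum number of bits a macroblock can occupy in this bitstream), since `* 2 * 7` on its own is not self-explanatory and a later reader cannot verify that the threshold is safe without that derivation; naming the per-macroblock minimum (e.g. `min_bits_per_mb`) would make the intent visible at the check itself.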