On Fri, Jan 13, 2023 at 01:01:34AM +0100, Michael Niedermayer wrote: > Fixes: out of array access > Fixes: > 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6652634692190208 > Fixes: > 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6653703453278208 > Fixes: > 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6668020758216704 > Fixes: > 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WBMP_fuzzer-6684749875249152 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/wbmpdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/wbmpdec.c b/libavcodec/wbmpdec.c > index 9638b55b94..8b105bc135 100644 > --- a/libavcodec/wbmpdec.c > +++ b/libavcodec/wbmpdec.c > @@ -72,7 +72,7 @@ static int wbmp_decode_frame(AVCodecContext *avctx, AVFrame > *p, > if (p->linesize[0] == (width + 7) / 8) > bytestream2_get_buffer(&gb, p->data[0], height * ((width + 7) / 8)); > else > - readbits(p->data[0], width, height, p->linesize[0], gb.buffer, > gb.buffer_end - gb.buffer_start); > + readbits(p->data[0], width, height, p->linesize[0], gb.buffer, > gb.buffer_end - gb.buffer); > > p->key_frame = 1; > p->pict_type = AV_PICTURE_TYPE_I;
please apply. -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
