On Sat, 5 May 2018 22:47:37 +0200 Michael Niedermayer <mich...@niedermayer.cc> wrote:
> Fixes: out of array read > Fixes: > 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/fic.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavcodec/fic.c b/libavcodec/fic.c > index d7ee370423..6824a5683c 100644 > --- a/libavcodec/fic.c > +++ b/libavcodec/fic.c > @@ -337,6 +337,11 @@ static int fic_decode_frame(AVCodecContext *avctx, void > *data, > skip_cursor = 1; > } > > + if (!skip_cursor && avpkt->size < 59 + 32 * 32 * 4) { > + av_log(avctx, AV_LOG_WARNING, "Input is cursorless\n"); > + skip_cursor = 1; > + } > + > /* Slice height for all but the last slice. */ > ctx->slice_h = 16 * (ctx->aligned_height >> 4) / nslices; > if (ctx->slice_h % 16) No warning needed. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
