On 5/5/18, wm4 <nfx...@googlemail.com> wrote: > On Sat, 5 May 2018 22:47:37 +0200 > Michael Niedermayer <mich...@niedermayer.cc> wrote: > >> Fixes: out of array read >> Fixes: >> 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984 >> >> Found-by: continuous fuzzing process >> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> >> --- >> libavcodec/fic.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/libavcodec/fic.c b/libavcodec/fic.c >> index d7ee370423..6824a5683c 100644 >> --- a/libavcodec/fic.c >> +++ b/libavcodec/fic.c >> @@ -337,6 +337,11 @@ static int fic_decode_frame(AVCodecContext *avctx, >> void *data, >> skip_cursor = 1; >> } >> >> + if (!skip_cursor && avpkt->size < 59 + 32 * 32 * 4) { >> + av_log(avctx, AV_LOG_WARNING, "Input is cursorless\n"); >> + skip_cursor = 1; >> + } >> + >> /* Slice height for all but the last slice. */ >> ctx->slice_h = 16 * (ctx->aligned_height >> 4) / nslices; >> if (ctx->slice_h % 16) > > No warning needed.
Agreed. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
