2018-06-27 20:11 GMT+02:00, Michael Niedermayer <mich...@niedermayer.cc>: > Fixes: null pointer dereference > Fixes: > 8946/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5078915222601728 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/dpx.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c > index f75e2cbbca..cf23bb6ba1 100644 > --- a/libavcodec/dpx.c > +++ b/libavcodec/dpx.c > @@ -395,12 +395,14 @@ static int decode_frame(AVCodecContext *avctx, > if (elements == 4) > *dst[3]++ = read16(&buf, endian) >> shift & 0xFFF; > } else { > - *dst[2]++ = read12in32(&buf, &rgbBuffer, > - &n_datum, endian); > + if (elements >= 3) > + *dst[2]++ = read12in32(&buf, &rgbBuffer, > + &n_datum, endian); > *dst[0]++ = read12in32(&buf, &rgbBuffer, > &n_datum, endian); > - *dst[1]++ = read12in32(&buf, &rgbBuffer, > - &n_datum, endian); > + if (elements >= 2) > + *dst[1]++ = read12in32(&buf, &rgbBuffer, > + &n_datum, endian); > if (elements == 4) > *dst[3]++ = read12in32(&buf, &rgbBuffer, > &n_datum, endian);
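Review bot: the new `elements >= 3` and `elements >= 2` guards cover only the `read12in32` path in the `else` branch, while the `read16` path directly above it shows just its `elements == 4` guard in the hunk context. If that path also writes `dst[2]` and `dst[1]` unconditionally, it needs the same checks, or a short comment saying why it cannot be reached with fewer than three elements. The commit message would also be easier to audit later if it named the pointers involved (`dst[1]` and `dst[2]` when `elements` is below 3) instead of only "null pointer dereference".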
Looks good to me, please commit.

Sorry, Carl Eugen