On 8/5/18, Michael Niedermayer <mich...@niedermayer.cc> wrote: > Fixes: Timeout > Fixes: > 9342/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-4795990841229312 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/scpr.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c > index 72f59d5917..d1e47b09ac 100644 > --- a/libavcodec/scpr.c > +++ b/libavcodec/scpr.c > @@ -525,6 +525,9 @@ static int decompress_p(AVCodecContext *avctx, > if (ret < 0) > return ret; > > + if (min > max) > + return AVERROR_INVALIDDATA; > +
Shouldn't this check actually be below? You sure this does not break valid files?
> max += temp << 8; > memset(s->blocks, 0, sizeof(*s->blocks) * s->nbcount); > > -- > 2.18.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
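Review bot: the new `if (min > max) return AVERROR_INVALIDDATA;` is inserted before `max += temp << 8;`, so the comparison runs while `max` still lacks the high byte that the very next line adds; a valid stream whose `max` low byte is smaller than `min` but whose full `max` is not would be rejected. Move the check to after `max += temp << 8;` (just before the `memset`) so it compares the fully assembled `min` and `max`, which also addresses the question raised above about breaking valid files.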