On Sat, Dec 15, 2018 at 02:44:43AM +0100, Michael Niedermayer wrote: > Fixes: Timeout > Fixes: > 10313/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP7_fuzzer-5637719389110272 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/vp8.c | 21 ++++++++++++++------- > 1 file changed, 14 insertions(+), 7 deletions(-) > > diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c > index a06692c476..ba79e5fdab 100644 > --- a/libavcodec/vp8.c > +++ b/libavcodec/vp8.c > @@ -2268,7 +2268,7 @@ void filter_mb_simple(VP8Context *s, uint8_t *dst, > VP8FilterStrength *f, > > #define MARGIN (16 << 2) > static av_always_inline > -void vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe, > +int vp78_decode_mv_mb_modes(AVCodecContext *avctx, VP8Frame *curframe, > VP8Frame *prev_frame, int is_vp7) > { > VP8Context *s = avctx->priv_data; > @@ -2285,6 +2285,10 @@ void vp78_decode_mv_mb_modes(AVCodecContext *avctx, > VP8Frame *curframe, > > s->mv_bounds.mv_min.x = -MARGIN; > s->mv_bounds.mv_max.x = ((s->mb_width - 1) << 6) + MARGIN; > + > + if (vpX_rac_is_end(&s->c)) { > + return AVERROR_INVALIDDATA; > + } > for (mb_x = 0; mb_x < s->mb_width; mb_x++, mb_xy++, mb++) {
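Review bot: The change of vp78_decode_mv_mb_modes from void to int (hunk at -2268) needs every exit path to return a value and every caller to check it, and the quoted lines show neither. Only the new early `return AVERROR_INVALIDDATA;` is visible here, with no final `return 0;` and no updated call site. Since the function was previously void, please confirm that the rest of the patch adds the success return and propagates the error to the frame decode path instead of discarding it.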
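Review bot: The new `vpX_rac_is_end(&s->c)` check in the hunk at -2285 has no comment and is placed before the mb_x loop, so it is evaluated once each time that loop is entered, not once per macroblock. A one-line comment saying that it stops mode and motion-vector parsing once the range coder has run out of input (the timeout case named in the commit message) would make the intent clear. It would also help to state whether the caller can cope with macroblock data that was only partly filled in when the function returns early.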
ok.

--
Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel