On 4/2/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: > Fixes: out of array access > Fixes: > 13997/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5701427252428800 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/agm.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/agm.c b/libavcodec/agm.c > index b0e8b80f81..8e4d6eb342 100644 > --- a/libavcodec/agm.c > +++ b/libavcodec/agm.c > @@ -88,6 +88,9 @@ static int read_code(GetBitContext *gb, int *oskip, int > *level, int *map, int mo > { > int len = 0, skip = 0, max; > > + if (get_bits_left(gb) < 2) > + return AVERROR_INVALIDDATA; > + > if (show_bits(gb, 2)) { > switch (show_bits(gb, 4)) { > case 1: > -- > 2.21.0 >
What? show_bits() can overread? That is bug. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
