On Tue, Apr 02, 2019 at 09:19:26PM +0200, Paul B Mahol wrote: > On 4/2/19, Michael Niedermayer <mich...@niedermayer.cc> wrote: > > Fixes: out of array access > > Fixes: > > 13997/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AGM_fuzzer-5701427252428800 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/agm.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/libavcodec/agm.c b/libavcodec/agm.c > > index b0e8b80f81..8e4d6eb342 100644 > > --- a/libavcodec/agm.c > > +++ b/libavcodec/agm.c > > @@ -88,6 +88,9 @@ static int read_code(GetBitContext *gb, int *oskip, int > > *level, int *map, int mo > > { > > int len = 0, skip = 0, max; > > > > + if (get_bits_left(gb) < 2) > > + return AVERROR_INVALIDDATA; > > + > > if (show_bits(gb, 2)) { > > switch (show_bits(gb, 4)) { > > case 1: > > -- > > 2.21.0 > > > > What? show_bits() can overread? > That is bug.
ill send a better patch thanks for reviewing [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Observe your enemies, for they first find out your faults. -- Antisthenes
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
