LGTM On Sat, Aug 10, 2019 at 11:16 PM Michael Niedermayer <mich...@niedermayer.cc> wrote:
> Fixes: signed integer overflow: 2082471995 * 36 cannot be represented in > type 'int' > Fixes: > 16025/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DDS_fuzzer-5136663778426880 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by > <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>: > Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/dds.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/dds.c b/libavcodec/dds.c > index f026f9cd5a..9154f692fa 100644 > --- a/libavcodec/dds.c > +++ b/libavcodec/dds.c > @@ -613,6 +613,7 @@ static int dds_decode(AVCodecContext *avctx, void > *data, > AVFrame *frame = data; > int mipmap; > int ret; > + int width, height; > > ff_texturedsp_init(&ctx->texdsp); > bytestream2_init(gbc, avpkt->data, avpkt->size); > @@ -631,9 +632,9 @@ static int dds_decode(AVCodecContext *avctx, void > *data, > > bytestream2_skip(gbc, 4); // flags > > - avctx->height = bytestream2_get_le32(gbc); > - avctx->width = bytestream2_get_le32(gbc); > - ret = av_image_check_size(avctx->width, avctx->height, 0, avctx); > + height = bytestream2_get_le32(gbc); > + width = bytestream2_get_le32(gbc); > + ret = ff_set_dimensions(avctx, width, height); > if (ret < 0) { > av_log(avctx, AV_LOG_ERROR, "Invalid image size %dx%d.\n", > avctx->width, avctx->height); > -- > 2.22.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
