Fixes: out of array read Fixes: 20495/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5711179129552896
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/mvha.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libavcodec/mvha.c b/libavcodec/mvha.c index afe5e511f2..1ea3bb3d76 100644 --- a/libavcodec/mvha.c +++ b/libavcodec/mvha.c @@ -256,12 +256,14 @@ static int decode_frame(AVCodecContext *avctx, dst = frame->data[p] + (avctx->height - 1) * frame->linesize[p]; s->llviddsp.add_left_pred(dst, dst, width, 0); - dst -= stride; - lefttop = left = dst[0]; - for (int y = 1; y < avctx->height; y++) { - s->llviddsp.add_median_pred(dst, dst + stride, dst, width, &left, &lefttop); - lefttop = left = dst[0]; + if (avctx->height > 1) { dst -= stride; + lefttop = left = dst[0]; + for (int y = 1; y < avctx->height; y++) { + s->llviddsp.add_median_pred(dst, dst + stride, dst, width, &left, &lefttop); + lefttop = left = dst[0]; + dst -= stride; + } } } -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
