Commit 78aa9380 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/snowdec: Check width

Fixes: out of array read
Fixes: 1419/clusterfuzz-testcase-minimized-6108700873850880

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
parent ea627dc0
...@@ -384,6 +384,10 @@ static int decode_header(SnowContext *s){ ...@@ -384,6 +384,10 @@ static int decode_header(SnowContext *s){
av_log(s->avctx, AV_LOG_ERROR, "spatial_decomposition_count %d too large for size\n", s->spatial_decomposition_count); av_log(s->avctx, AV_LOG_ERROR, "spatial_decomposition_count %d too large for size\n", s->spatial_decomposition_count);
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (s->avctx->width > 65536-4) {
av_log(s->avctx, AV_LOG_ERROR, "Width %d is too large\n", s->avctx->width);
return AVERROR_INVALIDDATA;
}
s->qlog += get_symbol(&s->c, s->header_state, 1); s->qlog += get_symbol(&s->c, s->header_state, 1);
......
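Review bot: The bound in the new `if (s->avctx->width > 65536-4)` check is a bare literal, and neither the code nor the commit message says which array an over-wide frame reads past or why 4 is subtracted, so a later reader cannot confirm the limit is tight enough for the reported out-of-array read. I would put a comment above the check naming the buffer or index type that imposes the limit, for example `/* widths above 65536-4 overrun <buffer/index, to be named by the author> */`, or give the value a named constant next to the other size limits. Only width is tested here; whether height needs a matching limit cannot be told from this hunk and is worth confirming. decode_header starts and ends outside the hunk.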