Commit 87ddf9f1 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/4xm: Check index in decode_i_block() also in the path where its not used.

Fixes: Infinite loop
Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int'
Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584
Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680
Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: 's avatarPaul B Mahol <onemda@gmail.com>
Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent c5a52eb5
......@@ -525,6 +525,10 @@ static int decode_i_block(FourXContext *f, int16_t *block)
break;
if (code == 0xf0) {
i += 16;
if (i >= 64) {
av_log(f->avctx, AV_LOG_ERROR, "run %d overflow\n", i);
return 0;
}
} else {
if (code & 0xf) {
level = get_xbits(&f->gb, code & 0xf);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment