avcodec/dvbsubdec: Check pixel buffer size constraint from ETSI EN 300 743 V1.3.1

Fixes: OOM Fixes: 2143/clusterfuzz-testcase-minimized-5482288060039168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/dvbsubdec: Check pixel buffer size constraint from ETSI EN 300 743 V1.3.1
Fixes: OOM Fixes: 2143/clusterfuzz-testcase-minimized-5482288060039168 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
e1b0044c · Michael Niedermayer · 4bcde261 · e1b0044c
Commit e1b0044c authored Jun 09, 2017 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

dvbsubdec.c libavcodec/dvbsubdec.c +4 -0

No files found.
--- a/libavcodec/dvbsubdec.c
+++ b/libavcodec/dvbsubdec.c
@@ -1158,6 +1158,10 @@ static int dvbsub_parse_region_segment(AVCodecContext *avctx,
    buf += 2;

    ret = av_image_check_size2(region->width, region->height, avctx->max_pixels, AV_PIX_FMT_PAL8, 0, avctx);
+    if (ret >= 0 && region->width * region->height * 2 > 320 * 1024 * 8) {
+        ret = AVERROR_INVALIDDATA;
+        av_log(avctx, AV_LOG_ERROR, "Pixel buffer memory constraint violated\n");
+    }
    if (ret < 0) {
        region->width= region->height= 0;
        return ret;