Commit e3e51f8c authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/mlpdec: Check that there is enough data for headers

Fixes: out of array access
Fixes: 1541/clusterfuzz-testcase-minimized-6403410590957568

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 9351a156
...@@ -1162,6 +1162,11 @@ static int read_access_unit(AVCodecContext *avctx, void* data, ...@@ -1162,6 +1162,11 @@ static int read_access_unit(AVCodecContext *avctx, void* data,
substr_header_size += 2; substr_header_size += 2;
} }
if (length < header_size + substr_header_size) {
av_log(m->avctx, AV_LOG_ERROR, "Insuffient data for headers\n");
goto error;
}
if (!(nonrestart_substr ^ m->is_major_sync_unit)) { if (!(nonrestart_substr ^ m->is_major_sync_unit)) {
av_log(m->avctx, AV_LOG_ERROR, "Invalid nonrestart_substr.\n"); av_log(m->avctx, AV_LOG_ERROR, "Invalid nonrestart_substr.\n");
goto error; goto error;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment