[FFmpeg-devel] [PATCH] avcodec/escape124: Check buf_size against num_superblocks

Mon Jun 25 00:18:25 EEST 2018

Fixes: Timeout
Fixes: 8722/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ESCAPE124_fuzzer-4843268402577408

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/escape124.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c
index eb051eba54..33c67e7754 100644
--- a/libavcodec/escape124.c
+++ b/libavcodec/escape124.c
@@ -221,7 +221,7 @@ static int escape124_decode_frame(AVCodecContext *avctx,
 
     // This call also guards the potential depth reads for the
     // codebook unpacking.
-    if (get_bits_left(&gb) < 64)
+    if (get_bits_left(&gb) < 64 + s->num_superblocks * 23LL / 4320)
         return -1;
 
     frame_flags = get_bits_long(&gb, 32);
-- 
2.18.0

