[FFmpeg-devel] [PATCH 1/2] avcodec/vp9: Check in decode_tiles() if there is data remaining
Michael Niedermayer
michael at niedermayer.cc
Sun Aug 5 04:16:41 EEST 2018
Fixes: Timeout
Fixes: 9330/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP9_fuzzer-5707345857347584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/vp9.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index b1178c9c0c..4ca51ec108 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -1302,6 +1302,9 @@ static int decode_tiles(AVCodecContext *avctx,
memset(lflvl_ptr->mask, 0, sizeof(lflvl_ptr->mask));
}
+ if (td->c->end <= td->c->buffer && td->c->bits >= 0) {
+ return AVERROR_INVALIDDATA;
+ }
if (s->pass == 2) {
decode_sb_mem(td, row, col, lflvl_ptr,
yoff2, uvoff2, BL_64X64);
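Review bot: the new exhaustion check placed just before `if (s->pass == 2)` has no comment saying why `td->c->bits >= 0` is needed in addition to `td->c->end <= td->c->buffer`, so a reader cannot tell from the code that the two together are meant to say "no input left" rather than "buffer pointer at end but bits still pending". A one-line comment above the `if` stating that intent would help, and it should also note that the check is what bounds the work done on truncated input, since the commit message only says "Fixes: Timeout". Two smaller points: the `return AVERROR_INVALIDDATA;` leaves decode_tiles() from inside the block loop, so it is worth stating in the commit message that returning mid-tile needs no cleanup of state already written for earlier blocks. The braces around the single `return` statement could also be dropped.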
--
2.18.0