avcodec/mdec: Check input space vs minimal block size

Fixes: Timeout Fixes: 481006706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MDEC_fuzzer-6122832651419648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-04-20 21:00:41 +08:00 · 2026-02-06 22:37:53 +01:00
parent 73681f888d
commit 40cafc25cf
1 changed files with 3 additions and 0 deletions
--- a/libavcodec/mdec.c
+++ b/libavcodec/mdec.c
@@ -174,6 +174,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
    int buf_size          = avpkt->size;
    int ret;

+    if (a->mb_width * a->mb_height * 3 > buf_size)
+        return AVERROR_INVALIDDATA;
+
    if ((ret = ff_thread_get_buffer(avctx, frame, 0)) < 0)
        return ret;