github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-21 13:21:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/indeo2: Check for invalid VLCs

Browse Source 
Fixes: timeout
Fixes: 1416/clusterfuzz-testcase-minimized-5536862435278848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 159fb8ff7e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2017-05-09 00:02:22 +02:00
parent e82d6dafde
commit 99341b2a7f
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/indeo2.c
View File

@@ -68,6 +68,8 @@ static int ir2_decode_plane(Ir2Context *ctx, int width, int height, uint8_t *dst
for (i = 0; i < c * 2; i++)
dst[out++] = 0x80;
} else { /* copy two values from table */
if (c <= 0)
return AVERROR_INVALIDDATA;
dst[out++] = table[c * 2];
dst[out++] = table[(c * 2) + 1];
}
@@ -89,7 +91,10 @@ static int ir2_decode_plane(Ir2Context *ctx, int width, int height, uint8_t *dst
out++;
}
} else { /* add two deltas from table */
int t = dst[out - pitch] + (table[c * 2] - 128);
int t;
if (c <= 0)
return AVERROR_INVALIDDATA;
t = dst[out - pitch] + (table[c * 2] - 128);
t = av_clip_uint8(t);
dst[out] = t;
out++;
@@ -125,6 +130,8 @@ static int ir2_decode_plane_inter(Ir2Context *ctx, int width, int height, uint8_
c -= 0x7F;
out += c * 2;
} else { /* add two deltas from table */
if (c <= 0)
return AVERROR_INVALIDDATA;
t = dst[out] + (((table[c * 2] - 128)*3) >> 2);
t = av_clip_uint8(t);
dst[out] = t;