mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-24 13:56:33 +02:00
avcodec/hq_hqa: Check info size
Fixes: assertion failure Fixes: 21079/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HQ_HQA_fuzzer-5737046523248640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit cf28521fee22dbe2f7eeb8ab0306c0fd0802c48a) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
parent
9f1cb0b890
commit
14fe71f5dc
@ -321,7 +321,7 @@ static int hq_hqa_decode_frame(AVCodecContext *avctx, void *data,
|
|||||||
int info_size;
|
int info_size;
|
||||||
bytestream2_skip(&ctx->gbc, 4);
|
bytestream2_skip(&ctx->gbc, 4);
|
||||||
info_size = bytestream2_get_le32(&ctx->gbc);
|
info_size = bytestream2_get_le32(&ctx->gbc);
|
||||||
if (bytestream2_get_bytes_left(&ctx->gbc) < info_size) {
|
if (info_size < 0 || bytestream2_get_bytes_left(&ctx->gbc) < info_size) {
|
||||||
av_log(avctx, AV_LOG_ERROR, "Invalid INFO size (%d).\n", info_size);
|
av_log(avctx, AV_LOG_ERROR, "Invalid INFO size (%d).\n", info_size);
|
||||||
return AVERROR_INVALIDDATA;
|
return AVERROR_INVALIDDATA;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user