From 2405af5081a906cacc053ac4c59b13ef724cd094 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 21 Oct 2018 14:40:14 +0200
Subject: [PATCH] avcodec/msrle: Check that the input is large enough to
 contain a end of picture code

Fixes: Timeout
Fixes: 10625/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSRLE_fuzzer-5659651283091456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 203ccb8746997777ce66beadd53b4631d217b9cd)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/msrle.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/msrle.c b/libavcodec/msrle.c
index adb55b1302..1ab8a41985 100644
--- a/libavcodec/msrle.c
+++ b/libavcodec/msrle.c
@@ -95,6 +95,9 @@ static int msrle_decode_frame(AVCodecContext *avctx,
     s->buf = buf;
     s->size = buf_size;
 
+    if (buf_size < 2) //Minimally a end of picture code should be there
+        return AVERROR_INVALIDDATA;
+
     if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
         return ret;