avcodec/golomb: Consume invalid data in get_ur_golomb_jpegls()

Fixes slow loops on fuzzed data Fixes: 245/fuzz-3-ffmpeg_AUDIO_AV_CODEC_ID_FLAC_fuzzer Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-10-30 23:18:11 +02:00 · 2016-12-08 01:46:26 +01:00
parent 445204cd57
commit 3ab1311aba
1 changed files with 10 additions and 7 deletions
--- a/libavcodec/golomb.h
+++ b/libavcodec/golomb.h
@@ -325,8 +325,10 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
    } else {
        int i;
        for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) {
-            if (gb->size_in_bits <= re_index)
+            if (gb->size_in_bits <= re_index) {
+                CLOSE_READER(re, gb);
                return -1;
+            }
            LAST_SKIP_BITS(re, gb, 1);
            UPDATE_CACHE(re, gb);
        }
@@ -348,16 +350,17 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
                buf = 0;
            }

-            CLOSE_READER(re, gb);
-            return buf + (i << k);
+            buf += (i << k);
        } else if (i == limit - 1) {
            buf = SHOW_UBITS(re, gb, esc_len);
            LAST_SKIP_BITS(re, gb, esc_len);
-            CLOSE_READER(re, gb);

-            return buf + 1;
-        } else
-            return -1;
+            buf ++;
+        } else {
+            buf = -1;
+        }
+        CLOSE_READER(re, gb);
+        return buf;
    }
 }