
avcodec/sanm: Check w, h for subversion < 2

Fixes: 410609432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-4935159201988608
Fixes: out of array access

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Manuel Lauss <manuel.lauss@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer
2025-06-19 05:04:30 +02:00
parent 1b12e919cf
commit 3afae0f440


@ -1670,6 +1670,8 @@ static int process_frame_obj(SANMVideoContext *ctx, GetByteContext *gb)
/* Rebel Assault 1: 384x242 internal size */ /* Rebel Assault 1: 384x242 internal size */
xres = 384; xres = 384;
yres = 242; yres = 242;
if (w > xres || h > yres)
return AVERROR_INVALIDDATA;
ctx->have_dimensions = 1; ctx->have_dimensions = 1;
} else if (codec == 37 || codec == 47 || codec == 48) { } else if (codec == 37 || codec == 47 || codec == 48) {
/* these codecs work on full frames, trust their dimensions */ /* these codecs work on full frames, trust their dimensions */
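Review bot: The added `if (w > xres || h > yres) return AVERROR_INVALIDDATA;` sits directly before `ctx->have_dimensions = 1;`, so it may only run for the first frame object. If the enclosing block is entered only while dimensions are still unset (its condition is outside the hunk), a later object with a larger `w` or `h` would bypass the check. It is worth confirming that every object on the subversion < 2 path is bounded against the 384x242 buffer, for example by repeating the comparison against the stored dimensions outside the one-time setup. The check also covers size only; if the object carries a position offset (not visible here), the sum of offset and size needs the same bound. A short comment such as `/* objects larger than the fixed internal canvas are invalid */` would record why the early return exists.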