avcodec/scpr: Fix reading a pixel before the first

Fixes: 5540/clusterfuzz-testcase-minimized-6122458273808384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 0fb33a82890753233225c61863fff1fcc9d970d4) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-03-23 04:24:35 +02:00 · 2018-02-03 18:49:07 +01:00 · 2018-02-03 18:49:07 +01:00 · 55e6c6b5fe
commit 55e6c6b5fe
parent 66881cf2b5
1 changed files with 4 additions and 0 deletions
--- a/libavcodec/scpr.c
+++ b/libavcodec/scpr.c
@ -679,6 +679,8 @@ static int decompress_p(AVCodecContext *avctx,
                                return AVERROR_INVALIDDATA;

                            if (bx == 0) {
+                                if (by < 2)
+                                    return AVERROR_INVALIDDATA;
                                z = backstep;
                            } else {
                                z = 0;
@ -708,6 +710,8 @@ static int decompress_p(AVCodecContext *avctx,
                                return AVERROR_INVALIDDATA;

                            if (bx == 0) {
+                                if (by < 2)
+                                    return AVERROR_INVALIDDATA;
                                z = backstep;
                            } else {
                                z = 0;