virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

avcodec/nuv: Check for minimum input size for uncomprssed and rtjpeg

Browse Source 
Fixes: Timeout
Fixes: 6297/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-4882404863901696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2018-02-27 15:17:12 +01:00
parent 64c9ce0abc
commit 8ee3265dbe
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
libavcodec/nuv.c
View File

@@ -161,6 +161,7 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
int orig_size = buf_size; int orig_size = buf_size;
int keyframe, ret; int keyframe, ret;
int size_change = 0; int size_change = 0;
int minsize = 0;
int result, init_frame = !avctx->frame_number; int result, init_frame = !avctx->frame_number;
enum { enum {
NUV_UNCOMPRESSED = '0', NUV_UNCOMPRESSED = '0',
@@ -206,6 +207,16 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
keyframe = 1; keyframe = 1;
break; break;
} }
switch (comptype) {
case NUV_UNCOMPRESSED:
minsize = c->width * c->height * 3 / 2;
break;
case NUV_RTJPEG:
minsize = c->width/16 * (c->height/16) * 6;
break;
}
if (buf_size < minsize / 4)
return AVERROR_INVALIDDATA;
retry: retry:
// Skip the rest of the frame header. // Skip the rest of the frame header.
buf = &buf[12]; buf = &buf[12];