mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-05-04 21:08:03 +02:00

avcodec/svq1dec: Check input space for minimum

We reject inputs that are significantly smaller than the smallest frame.
This check raises the minimum input needed before time-consuming computations are performed.
It thus improves the computation per input byte and reduces the potential DoS impact.

Fixes: Timeout
Fixes: 472769364/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ1_DEC_fuzzer-5519737145851904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit d538a71ad5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer
2026-02-10 18:42:07 +01:00
parent 5fe5d2a13b
commit 9601014f1e
+5
@@ -696,6 +696,11 @@ static int svq1_decode_frame(AVCodecContext *avctx, AVFrame *cur,
avctx->skip_frame >= AVDISCARD_ALL)
return buf_size;
// Reject obviously too-small packets early: require at least one remaining bit per aligned luma macroblock.
// FFALIGN(s->width, 16) * FFALIGN(s->height, 16) / 256 represent the number of Macroblocks
if (get_bits_left(&s->gb) < FFALIGN(s->width, 16) * FFALIGN(s->height, 16) / 256)
return AVERROR_INVALIDDATA;
result = ff_get_buffer(avctx, cur, s->nonref ? 0 : AV_GET_BUFFER_FLAG_REF);
if (result < 0)
return result;
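
Review bot: In the added condition, `FFALIGN(s->width, 16) * FFALIGN(s->height, 16) / 256` multiplies the two aligned dimensions before dividing, so the intermediate product is far larger than the macroblock count it ends up as. Whether that product fits depends on bounds on `s->width` and `s->height` that are not visible in this hunk. Since both aligned values are multiples of 16, `(FFALIGN(s->width, 16) / 16) * (FFALIGN(s->height, 16) / 16)` gives the same count with a much smaller intermediate and would make the check safe without relying on limits enforced elsewhere. Two smaller points on the comment: it should say why one bit per macroblock is a valid lower bound for every frame type this decoder accepts, because a bound that is too strict would reject valid streams with `AVERROR_INVALIDDATA`. Also, "represent the number of Macroblocks" should read "represents the number of macroblocks". The placement before `ff_get_buffer()` looks right, since rejected packets then cost no frame allocation.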