mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
avcodec/exr: Check oe in huf_decode() before use
Fixes: out of array access Fixes: 31386/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5773234709594112 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
b484e140ef
commit
9e8475c7c7
@ -422,7 +422,12 @@ static int huf_decode(VLC *vlc, GetByteContext *gb, int nbits, int run_sym,
|
|||||||
|
|
||||||
if (x == run_sym) {
|
if (x == run_sym) {
|
||||||
int run = get_bits(&gbit, 8);
|
int run = get_bits(&gbit, 8);
|
||||||
uint16_t fill = out[oe - 1];
|
uint16_t fill;
|
||||||
|
|
||||||
|
if (oe == 0 || oe + run > no)
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
|
||||||
|
fill = out[oe - 1];
|
||||||
|
|
||||||
while (run-- > 0)
|
while (run-- > 0)
|
||||||
out[oe++] = fill;
|
out[oe++] = fill;
|
||||||
|
Loading…
Reference in New Issue
Block a user