1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avcodec/exr: Check oe in huf_decode() before use

Fixes: out of array access
Fixes: 31386/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5773234709594112

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-03-30 09:15:27 +02:00
parent b484e140ef
commit 9e8475c7c7

View File

@ -422,7 +422,12 @@ static int huf_decode(VLC *vlc, GetByteContext *gb, int nbits, int run_sym,
if (x == run_sym) { if (x == run_sym) {
int run = get_bits(&gbit, 8); int run = get_bits(&gbit, 8);
uint16_t fill = out[oe - 1]; uint16_t fill;
if (oe == 0 || oe + run > no)
return AVERROR_INVALIDDATA;
fill = out[oe - 1];
while (run-- > 0) while (run-- > 0)
out[oe++] = fill; out[oe++] = fill;