From add3c2468e960767c7fc7232ab8a492f8c55e65b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 26 Feb 2018 21:17:08 +0100 Subject: [PATCH] avcodec/bintext: sanity check dimensions Fixes: Timeout Fixes: 6277/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XBIN_fuzzer-6047202288861184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer (cherry picked from commit 090c0abff9c8b27304614f15d9464dbf4ea59833) Signed-off-by: Michael Niedermayer --- libavcodec/bintext.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/bintext.c b/libavcodec/bintext.c index 90bbe67b59..d967317671 100644 --- a/libavcodec/bintext.c +++ b/libavcodec/bintext.c @@ -35,6 +35,8 @@ #include "bintext.h" #include "internal.h" +#define FONT_WIDTH 8 + typedef struct XbinContext { AVFrame *frame; int palette[16]; @@ -91,6 +93,9 @@ static av_cold int decode_init(AVCodecContext *avctx) break; } } + if (avctx->width < FONT_WIDTH || avctx->height < s->font_height) + return AVERROR_INVALIDDATA; + s->frame = av_frame_alloc(); if (!s->frame) @@ -113,8 +118,6 @@ av_unused static void hscroll(AVCodecContext *avctx) } } -#define FONT_WIDTH 8 - /** * Draw character to screen */