avcodec/bgmc: Check input space in ff_bgmc_decode_init()
Fixes: Infinite loop Fixes: 16608/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5636229827133440 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Thilo Borgmann <thilo.borgmann@mail.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
parent
daf92cc074
commit
b54031a6e9
@ -821,7 +821,9 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
|
||||
unsigned int low;
|
||||
unsigned int value;
|
||||
|
||||
ff_bgmc_decode_init(gb, &high, &low, &value);
|
||||
int ret = ff_bgmc_decode_init(gb, &high, &low, &value);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
current_res = bd->raw_samples + start;
|
||||
|
||||
|
@ -485,12 +485,17 @@ av_cold void ff_bgmc_end(uint8_t **cf_lut, int **cf_lut_status)
|
||||
|
||||
|
||||
/** Initialize decoding and reads the first value */
|
||||
void ff_bgmc_decode_init(GetBitContext *gb, unsigned int *h,
|
||||
int ff_bgmc_decode_init(GetBitContext *gb, unsigned int *h,
|
||||
unsigned int *l, unsigned int *v)
|
||||
{
|
||||
if (get_bits_left(gb) < VALUE_BITS)
|
||||
return AVERROR_INVALIDDATA;
|
||||
|
||||
*h = TOP_VALUE;
|
||||
*l = 0;
|
||||
*v = get_bits_long(gb, VALUE_BITS);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
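Review bot: The doc comment above ff_bgmc_decode_init still reads `/** Initialize decoding and reads the first value */` and does not mention the new return value. I would extend it to say that the function returns 0 on success and AVERROR_INVALIDDATA when fewer than VALUE_BITS bits remain in gb, and that in the error case `*h`, `*l` and `*v` are left unwritten, so callers must not use them. The guard covers only this initial `get_bits_long(gb, VALUE_BITS)` read. Whether the later decode path re-checks the remaining input is not visible in this hunk, and is worth confirming given that the report is an infinite loop on fuzzer-supplied data.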
@ -40,7 +40,7 @@ int ff_bgmc_init(AVCodecContext *avctx, uint8_t **cf_lut, int **cf_lut_status);
|
||||
void ff_bgmc_end(uint8_t **cf_lut, int **cf_lut_status);
|
||||
|
||||
|
||||
void ff_bgmc_decode_init(GetBitContext *gb,
|
||||
int ff_bgmc_decode_init(GetBitContext *gb,
|
||||
unsigned int *h, unsigned int *l, unsigned int *v);
|
||||
|
||||
|
||||
|
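Review bot: Changing the prototype from `void` to `int` lets any caller that still ignores the result compile without a diagnostic, so the new truncated-input check would be silently lost at that call site. Marking the declaration, e.g. `av_warn_unused_result int ff_bgmc_decode_init(GetBitContext *gb,`, would make the compiler flag such callers, assuming the attribute macro is reachable from this header. Only one call site is updated on this page; whether others exist is not visible here. The declaration also has no comment describing the error return, and a one-line `/** @return 0 on success, AVERROR_INVALIDDATA if fewer than VALUE_BITS bits are left */` would document the contract where callers look for it.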