1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-28 20:53:54 +02:00

avcodec/faxcompr: Check remaining bits on error in decode_group3_1d_line()

Fixes: Timeout
Fixes: 32886/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-4779761466474496

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7b3881f0da)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-04-15 20:08:22 +02:00
parent dcdb7d2dab
commit b655cebd91

View File

@ -224,7 +224,7 @@ static int decode_group3_1d_line(AVCodecContext *avctx, GetBitContext *gb,
run = 0;
mode = !mode;
} else if ((int)t == -1) {
if (show_bits(gb, 12) == 15) {
if (get_bits_left(gb) > 12 && show_bits(gb, 12) == 15) {
int ret;
skip_bits(gb, 12);
ret = decode_uncompressed(avctx, gb, &pix_left, &runs, runend, &mode);