virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

libavcodec/mvha: Check height before applying median predictor

Browse Source 
Fixes: out of array read
Fixes: 20495/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MVHA_fuzzer-5711179129552896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2020-02-09 15:02:45 +01:00
parent b0eec1391e
commit c9c958051c
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/mvha.c
View File

@@ -256,6 +256,7 @@ static int decode_frame(AVCodecContext *avctx,
dst = frame->data[p] + (avctx->height - 1) * frame->linesize[p]; dst = frame->data[p] + (avctx->height - 1) * frame->linesize[p];
s->llviddsp.add_left_pred(dst, dst, width, 0); s->llviddsp.add_left_pred(dst, dst, width, 0);
if (avctx->height > 1) {
dst -= stride; dst -= stride;
lefttop = left = dst[0]; lefttop = left = dst[0];
for (int y = 1; y < avctx->height; y++) { for (int y = 1; y < avctx->height; y++) {
@@ -264,6 +265,7 @@ static int decode_frame(AVCodecContext *avctx,
dst -= stride; dst -= stride;
} }
} }
}
frame->pict_type = AV_PICTURE_TYPE_I; frame->pict_type = AV_PICTURE_TYPE_I;
frame->key_frame = 1; frame->key_frame = 1;