Fixes: 423673969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5466731806261248 Fixes: out of array access
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/sanm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index 02bb78859a8..df248ec3547 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c @@ -1649,7 +1649,7 @@ static int process_frame_obj(SANMVideoContext *ctx, GetByteContext *gb) bytestream2_skip(gb, 2); parm2 = bytestream2_get_le16u(gb); - if (w < 1 || h < 1 || w > 800 || h > 600 || left > 800 || top > 600) { + if (w < 1 || h < 1 || w > 800 || h > 600 || left >= w || top >= h || left < 0 || top < 0) { av_log(ctx->avctx, AV_LOG_WARNING, "ignoring invalid fobj dimensions: c%d %d %d @ %d %d\n", codec, w, h, left, top); -- 2.49.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".