sanm: Check w, h for subversion < 2

Manuel Lauss Thu, 03 Jul 2025 13:33:30 -0700

Servus Michael,

On Thu, Jun 19, 2025 at 5:05 AM Michael Niedermayer
<mich...@niedermayer.cc> wrote:
>
> Fixes: 
> 410609432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-4935159201988608
> Fixes: out of array access
>
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
>  libavcodec/sanm.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c
> index 642ef02bff2..02bb78859a8 100644
> --- a/libavcodec/sanm.c
> +++ b/libavcodec/sanm.c
> @@ -1670,6 +1670,8 @@ static int process_frame_obj(SANMVideoContext *ctx, 
> GetByteContext *gb)
>              /* Rebel Assault 1: 384x242 internal size */
>              xres = 384;
>              yres = 242;
> +            if (w > xres || h > yres)
> +                return AVERROR_INVALIDDATA;
>              ctx->have_dimensions = 1;
>          } else if (codec == 37 || codec == 47 || codec == 48) {
>              /* these codecs work on full frames, trust their dimensions */


This is OK, it does not impact "legitimate" Videos.

Thanks!
     Manuel
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/4] avcodec/sanm: Check w, h for subversion < 2

Reply via email to