On Thu, Aug 17, 2017 at 10:19:18AM +0200, Tomas Härdin wrote: > On 2017-08-16 16:03, Michael Niedermayer wrote: > >Fixes: OOM > >Fixes: 2710/clusterfuzz-testcase-minimized-4750001420894208 > > > >Found-by: continuous fuzzing process > >https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > >Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > >--- > > libavcodec/zmbv.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > >diff --git a/libavcodec/zmbv.c b/libavcodec/zmbv.c > >index f126515bd1..b09dc41ebd 100644 > >--- a/libavcodec/zmbv.c > >+++ b/libavcodec/zmbv.c > >@@ -589,6 +589,11 @@ static av_cold int decode_init(AVCodecContext *avctx) > > // Needed if zlib unused or init aborted before inflateInit > > memset(&c->zstream, 0, sizeof(z_stream)); > >+ if ((avctx->width + 255ULL) * (avctx->height + 64ULL) > > >FFMIN(avctx->max_pixels, INT_MAX / 4) ) { > >+ av_log(avctx, AV_LOG_ERROR, "Internal buffer (decomp_size) larger > >than max_pixels or too large\n"); > >+ return AVERROR_INVALIDDATA; > >+ } > >+ > > Looks like a decent solution
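Review bot: the constants 255 and 64 in `(avctx->width + 255ULL) * (avctx->height + 64ULL)` are unexplained in the hunk and implicitly mirror however decomp_size is computed further down in decode_init; a one-line comment stating that this expression is the upper bound on the decompression buffer, and why the cap is `INT_MAX / 4` rather than `INT_MAX`, would keep the check and the later allocation from drifting apart if either is changed. Using the ULL suffix before multiplying is good, since it avoids the int overflow the check is guarding against, and failing early with AVERROR_INVALIDDATA rather than letting the allocation run is the right place to stop the OOM the commit message refers to.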
applied thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

While the State exists there can be no freedom; when there is freedom there will be no State. -- Vladimir Lenin
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel