Fixes: out of array read Fixes: 6546/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FIC_fuzzer-6317064647081984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/fic.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/fic.c b/libavcodec/fic.c index d7ee370423..6824a5683c 100644 --- a/libavcodec/fic.c +++ b/libavcodec/fic.c @@ -337,6 +337,11 @@ static int fic_decode_frame(AVCodecContext *avctx, void *data, skip_cursor = 1; } + if (!skip_cursor && avpkt->size < 59 + 32 * 32 * 4) { + av_log(avctx, AV_LOG_WARNING, "Input is cursorless\n"); + skip_cursor = 1; + } + /* Slice height for all but the last slice. */ ctx->slice_h = 16 * (ctx->aligned_height >> 4) / nslices; if (ctx->slice_h % 16) -- 2.17.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel