[FFmpeg-cvslog] avcodec/mlpdec: Do not leave a invalid num_primitive_matrices in the context
Michael Niedermayer
git at videolan.org
Fri Jun 2 03:05:13 EEST 2017
ffmpeg | branch: release/3.3 | Michael Niedermayer <michael at niedermayer.cc> | Sat May 20 01:23:01 2017 +0200| [e605faaabcf8503166e5cb06a98cddbca46756a7] | committer: Michael Niedermayer
avcodec/mlpdec: Do not leave a invalid num_primitive_matrices in the context
Fixes: runtime error: index 8 out of bounds for type 'uint8_t [8]'
Fixes: 1699/clusterfuzz-testcase-minimized-6327177438035968
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 64ea4d102a070b95832ae4a751688f87da7760a2)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e605faaabcf8503166e5cb06a98cddbca46756a7
---
libavcodec/mlpdec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c
index 5426712007..eac19a0d5e 100644
--- a/libavcodec/mlpdec.c
+++ b/libavcodec/mlpdec.c
@@ -729,6 +729,7 @@ static int read_matrix_params(MLPDecodeContext *m, unsigned int substr, GetBitCo
av_log(m->avctx, AV_LOG_ERROR,
"Number of primitive matrices cannot be greater than %d.\n",
max_primitive_matrices);
+ s->num_primitive_matrices = 0;
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list