[FFmpeg-cvslog] avcodec/bintext: Check font height

Michael Niedermayer git at videolan.org
Thu Jun 27 20:49:40 EEST 2019 

ffmpeg | branch: release/4.1 | Michael Niedermayer <michael at niedermayer.cc> | Sun Jun 16 16:01:45 2019 +0200| [9b8a58fa78062ddee07a54237c77dcdc6186aab1] | committer: Michael Niedermayer

avcodec/bintext: Check font height

Fixes: division by zero
Fixes: 15257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_BINTEXT_fuzzer-5757352881422336

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit bfb58bdd7015a6df2d130c92cf284d6a2362f3df)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9b8a58fa78062ddee07a54237c77dcdc6186aab1
---

 libavcodec/bintext.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/bintext.c b/libavcodec/bintext.c
index d85f2c2dd4..c310035830 100644
--- a/libavcodec/bintext.c
+++ b/libavcodec/bintext.c
@@ -63,6 +63,10 @@ static av_cold int decode_init(AVCodecContext *avctx)
             av_log(avctx, AV_LOG_ERROR, "not enough extradata\n");
             return AVERROR_INVALIDDATA;
         }
+        if (!s->font_height) {
+            av_log(avctx, AV_LOG_ERROR, "invalid font height\n");
+            return AVERROR_INVALIDDATA;
+        }
     } else {
         s->font_height = 8;
         s->flags = 0;

More information about the ffmpeg-cvslog mailing list