[FFmpeg-devel] [PATCH 6/6] avcodec/flicvideo: More strictly check chunk size for FLI_COPY
Michael Niedermayer
michael at niedermayer.cc
Sat Jun 22 02:29:36 EEST 2019
Fixes: Timeout (40sec -> 13sec)
Fixes: 15417/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-5679812615602176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/flicvideo.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index 2474a9ca72..209df591cf 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -729,9 +729,9 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
case FLI_COPY:
case FLI_DTA_COPY:
/* copy the chunk (uncompressed frame) */
- if (chunk_size - 6 > (unsigned int)(FFALIGN(s->avctx->width, 2) * s->avctx->height)*2) {
+ if (chunk_size - 6 != (unsigned int)(FFALIGN(s->avctx->width, 2) * s->avctx->height)*2) {
av_log(avctx, AV_LOG_ERROR, "In chunk FLI_COPY : source data (%d bytes) " \
- "bigger than image, skipping chunk\n", chunk_size - 6);
+ "different than image, skipping chunk\n", chunk_size - 6);
bytestream2_skip(&g2, chunk_size - 6);
} else {
--
2.22.0
More information about the ffmpeg-devel
mailing list