avcodec/ffv1dec: Check for min packet size

Fixes: Timeout Fixes: 48619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5793597923917824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/ffv1dec: Check for min packet size
Fixes: Timeout Fixes: 48619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_fuzzer-5793597923917824 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by: Michael Niedermayer <michael@niedermayer.cc>
78b95530 · Michael Niedermayer · ba0c3d1d · 78b95530
Commit 78b95530 authored Jul 03, 2022 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

ffv1dec.c libavcodec/ffv1dec.c +8 -0

No files found.
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -879,6 +879,14 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
        p->key_frame = 0;
    }

+    if (f->ac != AC_GOLOMB_RICE) {
+        if (buf_size < avctx->width * avctx->height / (128*8))
+            return AVERROR_INVALIDDATA;
+    } else {
+        if (buf_size < avctx->height / 8)
+            return AVERROR_INVALIDDATA;
+    }
+
    ret = ff_thread_get_ext_buffer(avctx, &f->picture, AV_GET_BUFFER_FLAG_REF);
    if (ret < 0)
        return ret;