mirrors/librempeg
1
0
Fork 0
mirror of https://github.com/librempeg/librempeg synced 2024-11-23 11:39:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/sanm: Check extradata_size before allocations

Browse Source 
Fixes: Leaks
Fixes: 15349/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-5102530557640704

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-07-15 23:26:05 +02:00
parent 9051092e73
commit 172a43ce36
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/sanm.c
View File

@ -491,6 +491,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
ctx->avctx = avctx;
ctx->version = !avctx->extradata_size;
// early sanity check before allocations to avoid need for deallocation code.
if (!ctx->version && avctx->extradata_size < 1026) {
av_log(avctx, AV_LOG_ERROR, "Not enough extradata.\n");
return AVERROR_INVALIDDATA;
}
avctx->pix_fmt = ctx->version ? AV_PIX_FMT_RGB565 : AV_PIX_FMT_PAL8;
@ -506,11 +511,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
if (!ctx->version) {
int i;
if (avctx->extradata_size < 1026) {
av_log(avctx, AV_LOG_ERROR, "Not enough extradata.\n");
return AVERROR_INVALIDDATA;
}
ctx->subversion = AV_RL16(avctx->extradata);
for (i = 0; i < PALETTE_SIZE; i++)
ctx->pal[i] = 0xFFU << 24 | AV_RL32(avctx->extradata + 2 + i * 4);