PR #21667 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21667
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21667.patch
Fixes: Timeout Fixes: 481006706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MDEC_fuzzer-6122832651419648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From b99718982527bcb6735882e662d2e902fd431797 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Fri, 6 Feb 2026 22:37:53 +0100 Subject: [PATCH] avcodec/mdec: Check input space vs minimal block size Fixes: Timeout Fixes: 481006706/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MDEC_fuzzer-6122832651419648 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/mdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/mdec.c b/libavcodec/mdec.c index c8865d7c63..580e4fd5a7 100644 --- a/libavcodec/mdec.c +++ b/libavcodec/mdec.c @@ -174,6 +174,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame, int buf_size = avpkt->size; int ret; + if (a->mb_width * a->mb_height * 3 >buf_size) + return AVERROR_INVALIDDATA; + if ((ret = ff_thread_get_buffer(avctx, frame, 0)) < 0) return ret; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
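Review bot: the factor 3 in the added check `a->mb_width * a->mb_height * 3 >buf_size` in decode_frame() is unexplained in the code. The subject line calls it the "minimal block size", but a reader of mdec.c will not see the commit message, so a one-line comment above the condition saying how the 3 bytes per macroblock were derived would make the bound auditable. The hunk does not show the types of mb_width and mb_height. If they are plain int, the product is evaluated in int before the comparison, so it is worth confirming that the dimensions are already bounded at this point, or widening one operand (for example with an int64_t cast) so a large frame size cannot wrap and slip past the check. Style: add a space after the `>` to match the surrounding code. Placing the check before ff_thread_get_buffer() is the right spot, since an undersized packet is rejected before any frame buffer is allocated.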
