PR #21715 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21715 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21715.patch
Fixes: Timeout Fixes: 471636089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LEAD_fuzzer-6346348464242688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 138e5478da0e24ef2b6dc5d2ff4e1136ea4add2f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 10 Feb 2026 13:56:10 +0100 Subject: [PATCH] avcodec/leaddec: Check input data before allocating buffer Fixes: Timeout Fixes: 471636089/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LEAD_fuzzer-6346348464242688 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/leaddec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/leaddec.c b/libavcodec/leaddec.c index e6a91faabc..e014394544 100644 --- a/libavcodec/leaddec.c +++ b/libavcodec/leaddec.c @@ -184,6 +184,9 @@ static int lead_decode_frame(AVCodecContext *avctx, AVFrame * frame, calc_dequant(dequant[0], ff_mjpeg_std_luminance_quant_tbl, q); calc_dequant(dequant[1], ff_mjpeg_std_chrominance_quant_tbl, q); + if (avpkt->size < ((avctx->width + 15) / 16) * ((avctx->height + 15) / 16) * 6 / 2) + return AVERROR_INVALIDDATA; + if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) return ret; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
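Review bot: The bound in the added `if (avpkt->size < ...)` check is built from unexplained constants (`* 6 / 2`) and is evaluated in plain `int`, so a reader cannot confirm from the patch that no valid LEAD frame falls below it and gets rejected with `AVERROR_INVALIDDATA`. A one-line comment stating what the 6 and the 2 stand for would fix that; the expression reads as six blocks per 16x16 macroblock at a minimum of half a byte per block, but neither the hunk nor the commit message says so. If the decoder handles pixel formats whose macroblocks are not 16x16 with six blocks (not visible in these lines), the minimum should be derived per format rather than hard-coded. Computing the product in `int64_t` would also remove any reliance on `avctx->width` and `avctx->height` having been range-checked elsewhere. Finally, the check uses neither `q` nor the dequant tables, so it could sit above the two `calc_dequant()` calls and reject short packets before that work is done as well as before `ff_get_buffer()`.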
