PR #21716 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21716 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21716.patch
Fixes: Timeout Fixes: 471664630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TMV_fuzzer-5291752530706432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From db077da15d7e88dfc4a9903be54d8916c11b02ee Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 10 Feb 2026 13:41:29 +0100 Subject: [PATCH] avcodec/tmv: Move space check before buffer allocation Fixes: Timeout Fixes: 471664630/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TMV_fuzzer-5291752530706432 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/tmv.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/tmv.c b/libavcodec/tmv.c index 0eedc258c3..6aa76fbcc3 100644 --- a/libavcodec/tmv.c +++ b/libavcodec/tmv.c @@ -47,9 +47,6 @@ static int tmv_decode_frame(AVCodecContext *avctx, AVFrame *frame, unsigned x, y, fg, bg, c; int ret; - if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) - return ret; - if (avpkt->size < 2*char_rows*char_cols) { av_log(avctx, AV_LOG_ERROR, "Input buffer too small, truncated sample?\n"); @@ -57,6 +54,9 @@ static int tmv_decode_frame(AVCodecContext *avctx, AVFrame *frame, return AVERROR_INVALIDDATA; } + if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) + return ret; + dst = frame->data[0]; memcpy(frame->data[1], ff_cga_palette, 16 * 4); -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
