On 2/9/18, Michael Niedermayer <mich...@niedermayer.cc> wrote: > Fixes: out of array access > Fixes: 5919/clusterfuzz-testcase-minimized-5859311382167552 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/vp3.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c > index cf9c57f5fa..120c20f349 100644 > --- a/libavcodec/vp3.c > +++ b/libavcodec/vp3.c > @@ -978,6 +978,9 @@ static int unpack_vlcs(Vp3DecodeContext *s, > GetBitContext *gb, > if (eob_run_get_bits[token]) > eob_run += get_bits(gb, eob_run_get_bits[token]); > > + if (!eob_run) > + return AVERROR_INVALIDDATA; > + > // record only the number of blocks ended in this plane, > // any spill will be recorded in the next plane. > if (eob_run > num_coeffs - coeff_i) { > -- > 2.16.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel >
probably ok _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
