avcodec/cfhd: Check idwt_buf size before allocation

Fixes: OOM
Fixes: 428760799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CFHD_DEC_fuzzer-5685176435015680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 2d72bf6fe0)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer 2025-07-15 22:19:24 +02:00
parent 2626ee4476
commit 3b922a53d2
No known key found for this signature in database
GPG key ID: B18E8928B3948D64


@ -275,6 +275,9 @@ static int alloc_buffers(AVCodecContext *avctx)
int height = (i || bayer) ? s->coded_height >> chroma_y_shift : s->coded_height; int height = (i || bayer) ? s->coded_height >> chroma_y_shift : s->coded_height;
ptrdiff_t stride = (FFALIGN(width / 8, 8) + 64) * 8; ptrdiff_t stride = (FFALIGN(width / 8, 8) + 64) * 8;
if ((ret = av_image_check_size2(stride, height, avctx->max_pixels, s->coded_format, 0, avctx)) < 0)
return ret;
if (chroma_y_shift && !bayer) if (chroma_y_shift && !bayer)
height = FFALIGN(height / 8, 2) * 8; height = FFALIGN(height / 8, 2) * 8;
s->plane[i].width = width; s->plane[i].width = width;
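Review bot: The added `av_image_check_size2(stride, height, ...)` call validates `height` before the `FFALIGN(height / 8, 2) * 8` adjustment that follows it, so for subsampled non-Bayer planes the height used afterwards can be larger than the one that was checked. Moving the two added lines below that adjustment would make the check bound the dimensions that are actually used. A short comment such as `/* check stride x height, the size the plane buffers are allocated with */` would explain why `stride` rather than `width` is passed; this is inferred from the commit title, since the allocation itself is outside the hunk. The early `return ret;` appears to sit inside a per-plane loop (indexed by `i`) of alloc_buffers, whose start and end are outside the hunk, so whether buffers set up for earlier planes are released on this path cannot be confirmed from here.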