Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-04 14:40:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

avcodec/pdvdec: Check input space before buffer allocation

Browse source 
this rejects packets whose claimed decompressed frame would require a deflate ratio beyond the format's theoretical 1032:1 limit

Fixes: Timeout
Fixes: 474457186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PDV_fuzzer-5366108782919680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit b801f1fe6d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2026-02-10 20:13:07 +01:00
parent 83cec00336
commit bf2dda84a6
No known key found for this signature in database
GPG key ID: B18E8928B3948D64
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
libavcodec/pdvdec.c
View file

@ -75,6 +75,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
return AVERROR_INVALIDDATA;
}
if (avpkt->size * 1032LL < ((avctx->width + 7) >> 3) * avctx->height) //Asymptotic max compression of deflate
return AVERROR_INVALIDDATA;
if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
return ret;