Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/FFmpeg/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2018-06-27 17:12:39 +0300
committerMichael Niedermayer <michael@niedermayer.cc>2018-07-16 20:02:12 +0300
commit841e1399e6d0db35fb4d1f75c87a6f467323d64d (patch)
tree0d45e7679bf502659e674cd0454f6b2342d8f0b8
parent9f76f0fab80cfff92d2d94cb4a8e981a8181f7d4 (diff)
avcodec/dpx: Check elements in 12bps planar path
Fixes: null pointer dereference Fixes: 8946/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DPX_fuzzer-5078915222601728 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Carl Eugen Hoyos <ceffmpeg@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 75a2db552423295b509546f3b0f8b2b46d3424b1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat
-rw-r--r--libavcodec/dpx.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c
index 026fb10e90..720a9b8506 100644
--- a/libavcodec/dpx.c
+++ b/libavcodec/dpx.c
@@ -408,12 +408,14 @@ static int decode_frame(AVCodecContext *avctx,
if (elements == 4)
*dst[3]++ = read16(&buf, endian) >> 4;
} else {
- *dst[2]++ = read12in32(&buf, &rgbBuffer,
- &n_datum, endian);
+ if (elements >= 3)
+ *dst[2]++ = read12in32(&buf, &rgbBuffer,
+ &n_datum, endian);
*dst[0]++ = read12in32(&buf, &rgbBuffer,
&n_datum, endian);
- *dst[1]++ = read12in32(&buf, &rgbBuffer,
- &n_datum, endian);
+ if (elements >= 2)
+ *dst[1]++ = read12in32(&buf, &rgbBuffer,
+ &n_datum, endian);
if (elements == 4)
*dst[3]++ = read12in32(&buf, &rgbBuffer,
&n_datum, endian);
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-04 17:51:44 +0300