diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2022-08-19 00:41:57 +0300 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2022-09-25 14:51:54 +0300 |
commit | c7f723ddb677d6a13e9d8b62851f9d2583100fdf (patch) | |
tree | 097e010d5818e5d3b646a0fd97f22ee9d47e6ace | |
parent | 85f5aaa15fda09e8c01880d4ec622dd33c7b3636 (diff) |
avcodec/speedhq: Check width
Fixes: out of array access
Fixes: 50014/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SPEEDHQ_fuzzer-4748914632294400
Alternatively the buffer size can be increased
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit f0395f9ef6051315973f1fdded1804f81458566d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavcodec/speedhq.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/speedhq.c b/libavcodec/speedhq.c index 711bcd66d7..5a201b3a6e 100644 --- a/libavcodec/speedhq.c +++ b/libavcodec/speedhq.c @@ -498,7 +498,7 @@ static int speedhq_decode_frame(AVCodecContext *avctx, uint32_t second_field_offset; int ret; - if (buf_size < 4 || avctx->width < 8) + if (buf_size < 4 || avctx->width < 8 || avctx->width % 8 != 0) return AVERROR_INVALIDDATA; quality = buf[0]; |