avcodec/flicvideo: Check remaining bytes in FLI*COPY

Fixes: Timeout Fixes: 37795/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FLIC_fuzzer-4846536543043584 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2021-09-14 20:31:39 +02:00 · 2021-09-14 20:31:39 +02:00 · 5f835efbca
commit 5f835efbca
parent 018b611b4b
1 changed files with 2 additions and 0 deletions
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@ -735,6 +735,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
                bytestream2_skip(&g2, chunk_size - 6);
            } else {

+                if (bytestream2_get_bytes_left(&g2) < 2 * s->avctx->width * s->avctx->height )
+                    return AVERROR_INVALIDDATA;
                for (y_ptr = 0; y_ptr < s->frame->linesize[0] * s->avctx->height;
                     y_ptr += s->frame->linesize[0]) {