avcodec/dnxhd_parser: Fix parser when input does not have nicely sized packets

Fixes: out of array access Fixes: 15522/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DNXHD_fuzzer-5747756078989312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 2d900d8fe0aaf9c984e024956eb537ecdfe2c949) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2019-07-06 11:51:09 +02:00 · 2019-07-06 11:51:09 +02:00 · cacf998071
commit cacf998071
parent 01f9c1540a
1 changed files with 2 additions and 1 deletions
--- a/libavcodec/dnxhd_parser.c
+++ b/libavcodec/dnxhd_parser.c
@ -79,8 +79,9 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx,
                    if (remaining <= 0)
                        continue;
                }
+                remaining += i - 47;
                dctx->remaining = remaining;
-                if (buf_size - i + 47 >= dctx->remaining) {
+                if (buf_size >= dctx->remaining) {
                    pc->frame_start_found = 0;
                    pc->state64 = -1;
                    dctx->cur_byte = 0;