har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avcodec/lagarith: Check dst/src in zero run code

Browse Source 
Fixes: out of array access
Fixes: 48799/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LAGARITH_fuzzer-4764457825337344

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 9450f759748d02d1d284d2e4afd741cb0fe0c04a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-07-12 20:43:20 +02:00
parent fe026fd0cb
commit f22b7e65c5
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/lagarith.c
View File

@ -409,6 +409,9 @@ output_zeros:
if (zero_run) { if (zero_run) {
zero_run = 0; zero_run = 0;
i += esc_count; i += esc_count;
if (i > end - dst ||
i >= src_end - src)
return AVERROR_INVALIDDATA;
memcpy(dst, src, i); memcpy(dst, src, i);
dst += i; dst += i;
l->zeros_rem = lag_calc_zero_run(src[i]); l->zeros_rem = lag_calc_zero_run(src[i]);