mirror of
https://gitee.com/openharmony/third_party_ffmpeg
synced 2024-11-23 11:19:55 +00:00
avcodec/4xm: Check index in decode_i_block() also in the path where its not used.
Fixes: Infinite loop Fixes: signed integer overflow: 2147483644 + 16 cannot be represented in type 'int' Fixes: 16169/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5662570416963584 Fixes: 16782/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5743163859271680 Fixes: 17641/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FOURXM_fuzzer-5711603562971136 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
c5a52eb5cd
commit
87ddf9f1ef
@ -525,6 +525,10 @@ static int decode_i_block(FourXContext *f, int16_t *block)
|
||||
break;
|
||||
if (code == 0xf0) {
|
||||
i += 16;
|
||||
if (i >= 64) {
|
||||
av_log(f->avctx, AV_LOG_ERROR, "run %d overflow\n", i);
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
if (code & 0xf) {
|
||||
level = get_xbits(&f->gb, code & 0xf);
|
||||
|
Loading…
Reference in New Issue
Block a user