x/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-11 08:13:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/pdvdec: Check input space before buffer allocation

Browse Source 
this rejects packets whose claimed decompressed frame would require a deflate ratio beyond the format's theoretical 1032:1 limit

Fixes: Timeout
Fixes: 474457186/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PDV_fuzzer-5366108782919680

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-05-03 10:25:54 +00:00
committed by michaelni
parent 702b0784b7
commit b801f1fe6d
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavcodec/pdvdec.c
+3
View File
@@ -77,6 +77,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
return AVERROR_INVALIDDATA;
}
if (avpkt->size * 1032LL < ((avctx->width + 7) >> 3) * avctx->height) //Asymptotic max compression of deflate
return AVERROR_INVALIDDATA;
if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)
return ret;