Fixes: out of array read
Fixes: 1419/clusterfuzz-testcase-minimized-6108700873850880
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 78aa93807b3e0674e34d32c0bf6f78d7f5b7927e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
... | ... |
@@ -384,6 +384,10 @@ static int decode_header(SnowContext *s){ |
384 | 384 |
av_log(s->avctx, AV_LOG_ERROR, "spatial_decomposition_count %d too large for size\n", s->spatial_decomposition_count); |
385 | 385 |
return AVERROR_INVALIDDATA; |
386 | 386 |
} |
387 |
+ if (s->avctx->width > 65536-4) { |
|
388 |
+ av_log(s->avctx, AV_LOG_ERROR, "Width %d is too large\n", s->avctx->width); |
|
389 |
+ return AVERROR_INVALIDDATA; |
|
390 |
+ } |
|
387 | 391 |
|
388 | 392 |
|
389 | 393 |
s->qlog += get_symbol(&s->c, s->header_state, 1); |
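Review bot: The bound `65536-4` in the added width check is a bare constant, and nothing in the hunk says which buffer or index type it protects, so a reader cannot tell whether the limit is exact or merely conservative. A comment above the `if` would keep the guard from being loosened by accident, for example `/* wider frames overflow <structure indexed by x> during decoding; limit is <field width> minus <margin> */`, with the placeholders filled in from the fuzzer case named in the commit message. Only `s->avctx->width` is bounded here. Whether `height` can reach the same out-of-array read cannot be judged from the visible lines, so it is worth confirming and stating in that comment. The body of `decode_header` starts and continues outside this hunk.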