Ask for a sample for these
Fixes: out of array access
Fixes: 16624/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5762455661182976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 55d4e22d71ca75223ee61f7d2535fdc6e9991026)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
... | ... |
@@ -153,6 +153,10 @@ static void decode_block(uint8_t *src, uint8_t *dest, unsigned size, |
153 | 153 |
|
154 | 154 |
if (align) { |
155 | 155 |
uint32_t tmpkey = *key_ptr - key; |
156 |
+ if (a2 > s) { |
|
157 |
+ a2 = s; |
|
158 |
+ avpriv_request_sample(NULL, "tiny aligned block\n"); |
|
159 |
+ } |
|
156 | 160 |
memcpy(tmp + align, src, a2); |
157 | 161 |
xor_block(tmp, tmp, 4, key, &tmpkey); |
158 | 162 |
memcpy(dest, tmp + align, a2); |
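Review bot: In the added `if (a2 > s)` branch, `avpriv_request_sample(NULL, "tiny aligned block\n")` passes NULL as the logging context and ends the message with a newline. With a NULL context the warning cannot be attributed to the demuxer instance that hit the short block, so consider threading the caller's context into decode_block() and passing it here. The trailing "\n" should go as well, because avpriv_request_sample() appends its own text after the message and the newline splits the log line in two. The clamp `a2 = s` does bound both memcpy() calls shown here to the bytes that remain. The declarations of a2 and s fall outside the hunk, so it is worth confirming that the comparison `a2 > s` is not affected by a signed/unsigned mismatch, and that later uses of a2 in the function stay consistent with the clamped value.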