Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
... | ... |
@@ -1103,9 +1103,9 @@ static int dvbsub_parse_clut_segment(AVCodecContext *avctx, |
1103 | 1103 |
return AVERROR_INVALIDDATA; |
1104 | 1104 |
} |
1105 | 1105 |
|
1106 |
- if (depth & 0x80) |
|
1106 |
+ if (depth & 0x80 && entry_id < 4) |
|
1107 | 1107 |
clut->clut4[entry_id] = RGBA(r,g,b,255 - alpha); |
1108 |
- else if (depth & 0x40) |
|
1108 |
+ else if (depth & 0x40 && entry_id < 16) |
|
1109 | 1109 |
clut->clut16[entry_id] = RGBA(r,g,b,255 - alpha); |
1110 | 1110 |
else if (depth & 0x20) |
1111 | 1111 |
clut->clut256[entry_id] = RGBA(r,g,b,255 - alpha); |