Browse code
avcodec/dvbsubdec: Check pixel buffer size constraint from ETSI EN 300 743 V1.3.1
Fixes: OOM
Fixes: 2143/clusterfuzz-testcase-minimized-5482288060039168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer authored on 2017/06/10 06:16:55Showing 1 changed files
| ... | ... |
@@ -1158,6 +1158,10 @@ static int dvbsub_parse_region_segment(AVCodecContext *avctx, |
| 1158 | 1158 |
buf += 2; |
| 1159 | 1159 |
|
| 1160 | 1160 |
ret = av_image_check_size2(region->width, region->height, avctx->max_pixels, AV_PIX_FMT_PAL8, 0, avctx); |
| 1161 |
+ if (ret >= 0 && region->width * region->height * 2 > 320 * 1024 * 8) {
|
|
| 1162 |
+ ret = AVERROR_INVALIDDATA; |
|
| 1163 |
+ av_log(avctx, AV_LOG_ERROR, "Pixel buffer memory constraint violated\n"); |
|
| 1164 |
+ } |
|
| 1161 | 1165 |
if (ret < 0) {
|
| 1162 | 1166 |
region->width= region->height= 0; |
| 1163 | 1167 |
return ret; |