videolan
/
ffmpeg
mirror of https://git.videolan.org/git/ffmpeg.git
1
Fork 0
Code Releases Activity

avcodec/xwddec: Use ff_set_dimensions() 

Fixes: OOM
Fixes: 8178/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XWD_fuzzer-4844793342459904

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2018-06-08 00:42:31 +02:00
parent d13379fb79
commit c2852e4e00
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/xwddec.c
View File

@ -39,6 +39,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
uint32_t pixformat, pixdepth, bunit, bitorder, bpad;
uint32_t rgb[3];
uint8_t *ptr;
int width, height;
GetByteContext gb;
if (buf_size < XWD_HEADER_SIZE)
@ -60,8 +61,8 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
pixformat = bytestream2_get_be32u(&gb);
pixdepth = bytestream2_get_be32u(&gb);
avctx->width = bytestream2_get_be32u(&gb);
avctx->height = bytestream2_get_be32u(&gb);
width = bytestream2_get_be32u(&gb);
height = bytestream2_get_be32u(&gb);
xoffset = bytestream2_get_be32u(&gb);
be = bytestream2_get_be32u(&gb);
bunit = bytestream2_get_be32u(&gb);
@ -77,6 +78,9 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
ncolors = bytestream2_get_be32u(&gb);
bytestream2_skipu(&gb, header_size - (XWD_HEADER_SIZE - 20));
if ((ret = ff_set_dimensions(avctx, width, height)) < 0)
return ret;
av_log(avctx, AV_LOG_DEBUG,
"pixformat %"PRIu32", pixdepth %"PRIu32", bunit %"PRIu32", bitorder %"PRIu32", bpad %"PRIu32"\n",
pixformat, pixdepth, bunit, bitorder, bpad);