From 63b8d4146d78595638417e431ea390aaf01f560f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 1 May 2017 17:53:11 +0200 Subject: [PATCH] avcodec/bmp: Use ff_set_dimensions() Fixes out of memory Fixes: 1282/clusterfuzz-testcase-minimized-5400131681648640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/bmp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/bmp.c b/libavcodec/bmp.c index 72957499d3..65d239e4f8 100644 --- a/libavcodec/bmp.c +++ b/libavcodec/bmp.c @@ -133,8 +133,11 @@ static int bmp_decode_frame(AVCodecContext *avctx, alpha = bytestream_get_le32(&buf); } - avctx->width = width; - avctx->height = height > 0 ? height : -(unsigned)height; + ret = ff_set_dimensions(avctx, width, height > 0 ? height : -(unsigned)height); + if (ret < 0) { + av_log(avctx, AV_LOG_ERROR, "Failed to set dimensions %d %d\n", width, height); + return AVERROR_INVALIDDATA; + } avctx->pix_fmt = AV_PIX_FMT_NONE;