avcodec/hcadec: do not allow code to continue after failed init

Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HCA_fuzzer-6247136417087488
Fixes: out of array write

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 48eeb198a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
release/6.1
Michael Niedermayer 10 months ago
parent 30fe9d3511
commit aa4cf7a584
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
  1. 4
      libavcodec/hcadec.c

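--- a/libavcodec/hcadec.c
+++ b/libavcodec/hcadec.c
@@ -538,8 +538,10 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame,
 return AVERROR_INVALIDDATA;
 } else if (AV_RB16(avpkt->data + 6) <= avpkt->size) {
 ret = init_hca(avctx, avpkt->data, AV_RB16(avpkt->data + 6));
-if (ret < 0)
+if (ret < 0) {
+c->crc_table = NULL; // signal that init has not finished
 return ret;
+}
 offset = AV_RB16(avpkt->data + 6);
 if (offset == avpkt->size)
 return avpkt->size;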
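Review bot: Clearing `c->crc_table` in the new `if (ret < 0) {` branch only protects later packets if every path that touches decoder state first rejects a NULL `crc_table`, and that check is not visible in this hunk (decode_frame starts and ends outside it). Because the reset sits at this one call site, any other caller of init_hca() would need the same lines; presumably it is safer to put `c->crc_table = NULL;` at the top of init_hca() and assign the table only as its last step, so every failure path leaves the context marked uninitialised. It would also help to document the convention where the field is declared, for example `/* NULL until init_hca() has completed; decode_frame must not decode while NULL */`. Separately, when the 16-bit header length at `avpkt->data + 6` exceeds `avpkt->size`, neither branch shown here runs and execution continues with the previous state, so that case depends on the same guard.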
