From e7af64178a48b30bade107c2d2938b48bd86eb82 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 12 Dec 2019 23:13:02 +0100
Subject: [PATCH] avcodec/iff: Check input space before loop in decode_delta_d()

Fixes: Timeout (114sec ->108ms)
Fixes: 19290/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_IFF_ILBM_fuzzer-5740598116220928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/iff.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index f82141d2e7..d826e78089 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -1354,6 +1354,9 @@ static void decode_delta_d(uint8_t *dst,
     bytestream2_init(&gb, buf + ofssrc, buf_end - (buf + ofssrc));
     entries = bytestream2_get_be32(&gb);
 
+    if (entries * 8LL > bytestream2_get_bytes_left(&gb))
+        return;
+
     while (entries && bytestream2_get_bytes_left(&gb) >= 8) {
         int32_t opcode = bytestream2_get_be32(&gb);
         unsigned offset = bytestream2_get_be32(&gb);
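Review bot: The added `entries * 8LL` bound encodes an undocumented constant: from the loop body, every entry begins with two be32 reads (opcode and offset), so 8 is the smallest record size, and a comment stating that would keep the check from drifting if the record layout changes, e.g. `/* each entry carries at least an opcode and an offset (2 x be32); a count that cannot fit in the remaining input is corrupt, so skip the delta */`. Worth noting in the same comment that `entries` comes straight from the input (the fuzzer found this path), which is why the check is a sanity bound rather than an exact size. Behaviour also shifts slightly: previously a stream whose tail was truncated was still applied up to the point where fewer than 8 bytes remained, whereas now such a stream is dropped whole and silently; if partial application was relied on, the stricter rejection may be visible to callers, though that cannot be confirmed from this hunk. The surrounding decode_delta_d() starts and ends outside the hunk.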