avcodec/exr: Check for remaining bits in huf_unpack_enc_table()

Fixes: Timeout
Fixes: 67645/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-6308760977997824

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 589fa8a027)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
release/6.1
Michael Niedermayer 9 months ago
parent 72b27f4f70
commit e85ea8baaa
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
  1. 5
      libavcodec/exr.c

@ -334,7 +334,10 @@ static int huf_unpack_enc_table(GetByteContext *gb,
return ret; return ret;
for (; im <= iM; im++) { for (; im <= iM; im++) {
uint64_t l = freq[im] = get_bits(&gbit, 6); uint64_t l;
if (get_bits_left(&gbit) < 6)
return AVERROR_INVALIDDATA;
l = freq[im] = get_bits(&gbit, 6);
if (l == LONG_ZEROCODE_RUN) { if (l == LONG_ZEROCODE_RUN) {
int zerun = get_bits(&gbit, 8) + SHORTEST_LONG_RUN; int zerun = get_bits(&gbit, 8) + SHORTEST_LONG_RUN;

Loading…
Cancel
Save