Fixes: out of memory
Fixes: 29985/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CRI_fuzzer-6424425392111616
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
char codec_name[1024];
uint32_t key, length;
float framerate;
+ int width, height;
key = bytestream2_get_le32(gb);
length = bytestream2_get_le32(gb);
case 100:
if (length < 16)
return AVERROR_INVALIDDATA;
- avctx->width = bytestream2_get_le32(gb);
- avctx->height = bytestream2_get_le32(gb);
+ width = bytestream2_get_le32(gb);
+ height = bytestream2_get_le32(gb);
s->color_model = bytestream2_get_le32(gb);
if (bytestream2_get_le32(gb) != 1)
return AVERROR_INVALIDDATA;
+ ret = ff_set_dimensions(avctx, width, height);
+ if (ret < 0)
+ return ret;
length -= 16;
goto skip;
case 101: