avcodec/cbs_vp9: Check data_size

Fixes: out of array access
Fixes: 19542/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5659498341728256
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: James Almer <jamrial@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/cbs_vp9.c b/libavcodec/cbs_vp9.c
index 98730e03e3a2023735d9219cff2d2b1280b45e7e..ec82f11c768578b27a3a9d8fbcdbb27c9e90034d 100644 (file)
--- a/libavcodec/cbs_vp9.c
+++ b/libavcodec/cbs_vp9.c
@@ -416,6 +416,9 @@ static int cbs_vp9_split_fragment(CodedBitstreamContext *ctx,
     uint8_t superframe_header;
     int err;
 
+    if (frag->data_size == 0)
+        return AVERROR_INVALIDDATA;
+
     // Last byte in the packet.
     superframe_header = frag->data[frag->data_size - 1];