avcodec/exr: Check xdelta, ydelta

Fixes: assertion failure
Fixes: 25617/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5648746061496320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index 216d216785a2812549937ba62ed83cb1f5980c63..c80e8eb5e0ae71365a95e65f4ea10cf9669e4144 100644 (file)
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1751,7 +1751,8 @@ static int decode_frame(AVCodecContext *avctx, void *data,
 
     /* Verify the xmin, xmax, ymin and ymax before setting the actual image size.
      * It's possible for the data window can larger or outside the display window */
-    if (s->xmin > s->xmax  || s->ymin > s->ymax) {
+    if (s->xmin > s->xmax  || s->ymin > s->ymax ||
+        s->ydelta == 0xFFFFFFFF || s->xdelta == 0xFFFFFFFF) {
         av_log(avctx, AV_LOG_ERROR, "Wrong or missing size information.\n");
         return AVERROR_INVALIDDATA;
     }