Testcase: 11663/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DIRAC_fuzzer-
5636791864918016
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
c->counter = -16;
c->range = 0xffff;
+ c->error = 0;
for (i = 0; i < DIRAC_CTX_COUNT; i++)
c->contexts[i] = 0x8000;
const uint8_t *bytestream_end;
uint16_t contexts[DIRAC_CTX_COUNT];
+ int error;
} DiracArith;
extern const uint8_t ff_dirac_next_ctx[DIRAC_CTX_COUNT];
while (!dirac_get_arith_bit(c, follow_ctx)) {
if (ret >= 0x40000000) {
av_log(NULL, AV_LOG_ERROR, "dirac_get_arith_uint overflow\n");
+ c->error = AVERROR_INVALIDDATA;
return -1;
}
ret <<= 1;
buf = b->ibuf + top * b->stride;
if (is_arith) {
for (y = top; y < bottom; y++) {
+ if (c->error)
+ return c->error;
for (x = left; x < right; x++) {
if (b->pshift) {
coeff_unpack_arith_10(c, qfactor, qoffset, b, (int32_t*)(buf)+x, x, y);