avcodec/ituh263dec: Make the condition for the studio slice start code match between...

If they mismatch an infinite loop can occur
Fixes: Timeout (infinite loop)
Fixes: 17043/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEG4_fuzzer-5695051748868096
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
index afc786bd8b2e55b42b25eed3a77fdb420b722567..c37f872b3c0d1d1a1cb21fbcbaee651720027284 100644 (file)
--- a/libavcodec/ituh263dec.c
+++ b/libavcodec/ituh263dec.c
@@ -222,7 +222,7 @@ int ff_h263_resync(MpegEncContext *s){
             get_bits(&s->gb, 8);
         }
 
-        if (show_bits_long(&s->gb, 32) == SLICE_START_CODE)
+        if (get_bits_left(&s->gb) >= 32 && show_bits_long(&s->gb, 32) == SLICE_START_CODE)
             return get_bits_count(&s->gb);
         else
             return -1;