avcodec/mobiclip: set the bitstream size to the input

Fixes: out of array read
Fixes: 25453/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MOBICLIP_fuzzer-5163575973511168
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/mobiclip.c b/libavcodec/mobiclip.c
index 0f150a551a89111ee8fff1a1549ef2088e50d5b6..5645234e002e2c760053077d96dfd849e7e11e3b 100644 (file)
--- a/libavcodec/mobiclip.c
+++ b/libavcodec/mobiclip.c
@@ -1308,7 +1308,7 @@ static int mobiclip_decode(AVCodecContext *avctx, void *data,
                         (uint16_t *)pkt->data,
                         (pkt->size + 1) >> 1);
 
-    ret = init_get_bits8(gb, s->bitstream, s->bitstream_size);
+    ret = init_get_bits8(gb, s->bitstream, FFALIGN(pkt->size, 2));
     if (ret < 0)
         return ret;