avcodec/wmv2dec: Check that the P frame secondary header fit in the input

Fixes: Timeout (64sec ->2 sec)
Fixes: 14131/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV2_fuzzer-5719879556005888
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/wmv2dec.c b/libavcodec/wmv2dec.c
index 92daa1639e5e9b7a2572b891d5d1c964f4213af2..124dfdb7e0068a58999bb7b171e286b67ff0839d 100644 (file)
--- a/libavcodec/wmv2dec.c
+++ b/libavcodec/wmv2dec.c
@@ -230,6 +230,9 @@ int ff_wmv2_decode_secondary_picture_header(MpegEncContext *s)
             s->rl_chroma_table_index = s->rl_table_index;
         }
 
+        if (get_bits_left(&s->gb) < 2)
+            return AVERROR_INVALIDDATA;
+
         s->dc_table_index   = get_bits1(&s->gb);
         s->mv_table_index   = get_bits1(&s->gb);