tools/target_dec_fuzzer: Do not test AV_CODEC_FLAG2_FAST with AV_CODEC_ID_H264

This combination skips allocating large padding which can read out of array

Fixes: 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index dc7efe914d7f2259f10d786237667caaf8fa62d2..f43f4170889969368e861893111076595388877d 100644 (file)
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -206,7 +206,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
             if (flags & 8)
                 ctx->err_recognition |= AV_EF_EXPLODE;
         }
-        if (flags & 0x10)
+        if ((flags & 0x10) && c->id != AV_CODEC_ID_H264)
             ctx->flags2 |= AV_CODEC_FLAG2_FAST;
 
         if (flags & 0x40)