avcodec/indeo4: Check for end of bitstream in decode_mb_info()

Fixes: Timeout
Fixes: 8776/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_INDEO4_fuzzer-5361788798369792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/indeo4.c b/libavcodec/indeo4.c
index 7dff9db8771ef569f4de86373b813b92a58efd14..15ad6f8afc69c79ee40a7ef5b90a60796c963b72 100644 (file)
--- a/libavcodec/indeo4.c
+++ b/libavcodec/indeo4.c
@@ -492,6 +492,11 @@ static int decode_mb_info(IVI45DecContext *ctx, IVIBandDesc *band,
             mb->b_mv_x   =
             mb->b_mv_y   = 0;
 
+            if (get_bits_left(&ctx->gb) < 1) {
+                av_log(avctx, AV_LOG_ERROR, "Insufficient input for mb info\n");
+                return AVERROR_INVALIDDATA;
+            }
+
             if (get_bits1(&ctx->gb)) {
                 if (ctx->frame_type == IVI4_FRAMETYPE_INTRA) {
                     av_log(avctx, AV_LOG_ERROR, "Empty macroblock in an INTRA picture!\n");