avcodec/smc: Check remaining input

Fixes: Timeout
Fixes: 1818/clusterfuzz-testcase-minimized-5039166473633792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index 89524219f8a5e6ea2e1193f5d8a8489a695c7add..79f9a757a0502e63768b287273eb2af7f5605720 100644 (file)
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -132,6 +132,10 @@ static void smc_decode_stream(SmcContext *s)
                 row_ptr, image_size);
             return;
         }
+        if (bytestream2_get_bytes_left(&s->gb) < 1) {
+            av_log(s->avctx, AV_LOG_ERROR, "input too small\n");
+            return;
+        }
 
         opcode = bytestream2_get_byte(&s->gb);
         switch (opcode & 0xF0) {