avcodec/pictordec: Error out if more than one plane is unused

Fixes: Timeout
Fixes: 9797/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PICTOR_fuzzer-5664441659031552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
index b29a484534150fa581de593bf655c65321ab32ee..65d2d49060b4f0aaee342fee12c13a904c234bf1 100644 (file)
--- a/libavcodec/pictordec.c
+++ b/libavcodec/pictordec.c
@@ -236,6 +236,9 @@ static int decode_frame(AVCodecContext *avctx,
             }
         }
 
+        if (s->nb_planes - plane > 1)
+            return AVERROR_INVALIDDATA;
+
         if (plane < s->nb_planes && x < avctx->width) {
             int run = (y + 1) * avctx->width - x;
             if (bits_per_plane == 8)