avcodec/dsicinvideo: Fail if there is only a small fraction of the data available...

Fixes: Timeout
Fixes: 6306/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DSICINVIDEO_fuzzer-5079253549842432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/dsicinvideo.c b/libavcodec/dsicinvideo.c
index add7afa383170f808e29d0d6fa22c1544ab6a1bb..aa080417d25f118e4bedd25504680b4f683d583d 100644 (file)
--- a/libavcodec/dsicinvideo.c
+++ b/libavcodec/dsicinvideo.c
@@ -158,6 +158,9 @@ static int cin_decode_lzss(const unsigned char *src, int src_size,
         }
     }
 
+    if (dst_end - dst > dst_size - dst_size/10)
+        return AVERROR_INVALIDDATA;
+
     return 0;
 }
 
@@ -184,6 +187,10 @@ static int cin_decode_rle(const unsigned char *src, int src_size,
         }
         dst += len;
     }
+
+    if (dst_end - dst > dst_size - dst_size/10)
+        return AVERROR_INVALIDDATA;
+
     return 0;
 }