avcodec/cinepak: Check available input against encoded buffer size
authorMichael Niedermayer <michael@niedermayer.cc>
Sun, 12 May 2019 20:06:30 +0000 (22:06 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Tue, 14 May 2019 10:06:26 +0000 (12:06 +0200)
Fixes: Timeout (12sec -> 2sec)
Fixes: 14606/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_CINEPAK_fuzzer-5738687561728000
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/cinepak.c

index a5132ddbc075b2b24e6ac0acc036702f5f95d0ec..aeb15de0ed90b17bf811db591a91e6ce8f20d16a 100644 (file)
@@ -323,6 +323,9 @@ static int cinepak_predecode_check (CinepakContext *s)
     num_strips  = AV_RB16 (&s->data[8]);
     encoded_buf_size = AV_RB24(&s->data[1]);
 
+    if (s->size < encoded_buf_size * (int64_t)(100 - s->avctx->discard_damaged_percentage) / 100)
+        return AVERROR_INVALIDDATA;
+
     /* if this is the first frame, check for deviant Sega FILM data */
     if (s->sega_film_skip_bytes == -1) {
         if (!encoded_buf_size) {
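Review bot: The new check on the lines added after `encoded_buf_size = AV_RB24(&s->data[1]);` carries no comment, so a reader has to reconstruct that it rejects a frame whose available input is below (100 - discard_damaged_percentage)% of the size the frame header declares, and that the purpose is to stop the decoder from walking a large declared size with almost no data behind it (the timeout named in the commit message). I would add above the condition: `/* Reject frames whose available data falls below the tolerated fraction of the header-declared size; the int64_t cast keeps the 24-bit size times the percentage out of int overflow. */`. Whether discard_damaged_percentage is guaranteed to stay within 0..100 is not visible here; if it is not, `100 - …` goes negative (or wraps, if the field is unsigned) and every frame would be rejected, so either a clamp or a comment stating that the caller guarantees the range would be worth adding. cinepak_predecode_check starts before this hunk and continues after it.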