avcodec/pngdec: Check input space

Fixes: Timeout (33sec -> 78ms)
Fixes: 14668/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LSCR_fuzzer-5767073352908800
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 7fcf83e34790b3ad5a8bb8dccee5fd8b45104997..5209e342db5d54737aac3a09b34b22ddaebb67d2 100644 (file)
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -1535,6 +1535,9 @@ static int decode_frame_lscr(AVCodecContext *avctx,
     AVFrame *frame = data;
     int ret, nb_blocks, offset = 0;
 
+    if (avpkt->size < 2)
+        return AVERROR_INVALIDDATA;
+
     bytestream2_init(gb, avpkt->data, avpkt->size);
 
     if ((ret = ff_get_buffer(avctx, frame, AV_GET_BUFFER_FLAG_REF)) < 0)