Fixes: out of array access
Fixes: 31640/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5630883286614016
Fixes: 31619/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SGA_fuzzer-5176667708456960
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
if (offset <= 0)
offset = 1;
- if (oi < offset)
+ if (oi < offset || oi + count * 2 > dst_size)
return AVERROR_INVALIDDATA;
for (int j = 0; j < count * 2; j++) {
dst[oi] = dst[oi - offset];