Fixes: out of array write
Fixes: 32116/clusterfuzz-testcase-minimized-ffmpeg_dem_SIMBIOSIS_IMX_fuzzer-6702533894602752
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
imx->first_video_packet_pos = pos;
break;
case 0xAA98:
+ if (chunk_size > 256 * 3)
+ return AVERROR_INVALIDDATA;
for (int i = 0; i < chunk_size / 3; i++) {
unsigned r = avio_r8(pb) << 18;
unsigned g = avio_r8(pb) << 10;