avcodec/msmpeg4dec: Skip frame if its smaller than 1/8 of the minimal size

Frames that small are not valid and of limited use for error concealment, while
being very computationally intensive to process.

Fixes: Timeout
Fixes: 11318/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSMPEG4V1_fuzzer-5710884555456512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

1 files changed, 8 insertions, 0 deletions

diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c
index 457a37e745..16b67192b5 100644
--- a/libavcodec/msmpeg4dec.c
+++ b/libavcodec/msmpeg4dec.c
@@ -412,6 +412,14 @@ int ff_msmpeg4_decode_picture_header(MpegEncContext * s)
 {
     int code;
 
+    // at minimum one bit per macroblock is required at least in a valid frame,
+    // we discard frames much smaller than this. Frames smaller than 1/8 of the
+    // smallest "black/skip" frame generally contain not much recoverable content
+    // while at the same time they have the highest computational requirements
+    // per byte
+    if (get_bits_left(&s->gb) * 8LL < (s->width+15)/16 * ((s->height+15)/16))
+        return AVERROR_INVALIDDATA;
+
     if(s->msmpeg4_version==1){
         int start_code = get_bits_long(&s->gb, 32);
         if(start_code!=0x00000100){