avcodec/vc1: Check for excessive resolution

Fixes: overflow in aspect ratio calculation Fixes: signed integer overflow: 393215 * 14594 cannot be represented in type 'int' Fixes: 15728/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5661588893204480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-08-08 19:30:50 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-09-28 18:34:24 +0200
commit: 181e138da7207523b387eabc28d24e74a46248bc (patch)
tree: 48ef40d1ca77c85ce7b0673670eb3ff18748c753 /libavcodec/vc1.c
parent: 7f7af9e294f8bc00756922ab088430ea5b9d7498 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index 42bfca55b1..13119bd0b3 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -451,7 +451,11 @@ static int decode_sequence_header_adv(VC1Context *v, GetBitContext *gb)
             h = get_bits(gb, 8) + 1;
             v->s.avctx->sample_aspect_ratio = (AVRational){w, h};
         } else {
-            av_reduce(&v->s.avctx->sample_aspect_ratio.num,
+            if (v->s.avctx->width  > v->max_coded_width ||
+                v->s.avctx->height > v->max_coded_height) {
+                avpriv_request_sample(v->s.avctx, "Huge resolution");
+            } else
+                av_reduce(&v->s.avctx->sample_aspect_ratio.num,
                       &v->s.avctx->sample_aspect_ratio.den,
                       v->s.avctx->height * w,
                       v->s.avctx->width * h,
author	Michael Niedermayer <michael@niedermayer.cc>	2019-08-08 19:30:50 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-09-28 18:34:24 +0200
commit	181e138da7207523b387eabc28d24e74a46248bc (patch)
tree	48ef40d1ca77c85ce7b0673670eb3ff18748c753 /libavcodec/vc1.c
parent	7f7af9e294f8bc00756922ab088430ea5b9d7498 (diff)