avcodec/vp568: Check that there is enough data for ff_vp56_init_range_decoder()

Fixes: timeout in 730/clusterfuzz-testcase-5265113739165696 (part 1 of 2) Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Reviewed-by: BBB Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2017-03-07 19:09:38 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-03-07 21:29:12 +0100
commit: 55d7371fe0c44c025eb0e75215e0685870f31874 (patch)
tree: d8d8913bc28d15bb37c89d47baf68ba65dde31a2 /libavcodec/vp56rac.c
parent: 5098a6f6275a57f122cd8f03e7ffbe5dd090b8e0 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/vp56rac.c b/libavcodec/vp56rac.c
index 6061b7ee72..e70302bf85 100644
--- a/libavcodec/vp56rac.c
+++ b/libavcodec/vp56rac.c
@@ -37,11 +37,14 @@ const uint8_t ff_vp56_norm_shift[256]= {
  0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
 };
 
-void ff_vp56_init_range_decoder(VP56RangeCoder *c, const uint8_t *buf, int buf_size)
+int ff_vp56_init_range_decoder(VP56RangeCoder *c, const uint8_t *buf, int buf_size)
 {
     c->high = 255;
     c->bits = -16;
     c->buffer = buf;
     c->end = buf + buf_size;
+    if (buf_size < 1)
+        return AVERROR_INVALIDDATA;
     c->code_word = bytestream_get_be24(&c->buffer);
+    return 0;
 }
author	Michael Niedermayer <michael@niedermayer.cc>	2017-03-07 19:09:38 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-03-07 21:29:12 +0100
commit	55d7371fe0c44c025eb0e75215e0685870f31874 (patch)
tree	d8d8913bc28d15bb37c89d47baf68ba65dde31a2 /libavcodec/vp56rac.c
parent	5098a6f6275a57f122cd8f03e7ffbe5dd090b8e0 (diff)