avcodec/loco: Limit lossy parameter so it is sane and does not overflow

Fixes: 15248/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_LOCO_fuzzer-5087440458481664 Fixes: signed integer overflow: 3 + 2147483647 cannot be represented in type 'int' Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2019-06-15 21:47:16 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2019-06-25 13:30:09 +0200
commit: ce3b0b9066b433564ed3ee3eed3a1e8f2c0834a1 (patch)
tree: d2d44c06824495fbcd4a2391ce575d097c97173f /libavcodec
parent: 696312c487d9d8c49a087017a829d1cdcbd68651 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/loco.c b/libavcodec/loco.c
index 741db3bdce..e8c62b8178 100644
--- a/libavcodec/loco.c
+++ b/libavcodec/loco.c
@@ -295,6 +295,11 @@ static av_cold int decode_init(AVCodecContext *avctx)
         avpriv_request_sample(avctx, "LOCO codec version %i", version);
     }
 
+    if (l->lossy > 65536U) {
+        av_log(avctx, AV_LOG_ERROR, "lossy %i is too large\n", l->lossy);
+        return AVERROR_INVALIDDATA;
+    }
+
     l->mode = AV_RL32(avctx->extradata + 4);
     switch (l->mode) {
     case LOCO_CYUY2:
author	Michael Niedermayer <michael@niedermayer.cc>	2019-06-15 21:47:16 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2019-06-25 13:30:09 +0200
commit	ce3b0b9066b433564ed3ee3eed3a1e8f2c0834a1 (patch)
tree	d2d44c06824495fbcd4a2391ce575d097c97173f /libavcodec
parent	696312c487d9d8c49a087017a829d1cdcbd68651 (diff)