From dea2591d4fbc989ca82bc8a8ad7d16aacdc89af1 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 12 Aug 2019 00:21:49 +0200
Subject: avcodec/vb: Check input packet size to be large enough to contain
 flags

Fixes: Timeout (->9sec)
Fixes: 16292/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VB_fuzzer-5747063496638464

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/vb.c b/libavcodec/vb.c
index c6dd6fb456..d9c6b93a73 100644
--- a/libavcodec/vb.c
+++ b/libavcodec/vb.c
@@ -199,6 +199,9 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     uint32_t size;
     int offset = 0;
 
+    if (avpkt->size < 2)
+        return AVERROR_INVALIDDATA;
+
     bytestream2_init(&c->stream, avpkt->data, avpkt->size);
 
     if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
-- 
cgit v1.2.3