From 43015afd7ce9055f1fa2d7648c3fcd9b7cfd7721 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sat, 3 Aug 2019 00:29:48 +0200
Subject: avcodec/mss1: check for overread and forward errors
Fixes: Timeout (106sec -> 14ms)
Fixes: 15576/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MSS1_fuzzer-5688080461201408
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol
Signed-off-by: Michael Niedermayer
---
 libavcodec/mss12.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'libavcodec/mss12.h')
diff --git a/libavcodec/mss12.h b/libavcodec/mss12.h
index 45c4074652..6f68fc3db6 100644
--- a/libavcodec/mss12.h
+++ b/libavcodec/mss12.h
@@ -47,6 +47,8 @@ typedef struct Model {
 typedef struct ArithCoder {
 int low, high, value;
+ int overread;
+#define MAX_OVERREAD 16
 union {
 GetBitContext *gb;
 GetByteContext *gB;
--
cgit v1.2.3
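Review bot: The new `overread` field and `MAX_OVERREAD` carry no comment saying what is counted or why the limit is 16, and because the struct's union holds both a `GetBitContext *` and a `GetByteContext *`, the unit (bits, bytes or refill calls) is not obvious to anyone else using this header. I would add something like `int overread; /* reads attempted past the end of input; decoding fails above MAX_OVERREAD */`, with the wording adjusted to what the decoder actually counts. The bound only holds if every routine that initialises an `ArithCoder` resets `overread` to 0. Those routines are outside this view (the page is limited to mss12.h), so this is worth confirming for each decoder that uses the struct, since a stale or uninitialised counter would either reject valid streams or let the overread limit be bypassed. As a style point, `#define MAX_OVERREAD 16` sits inside the struct body and would be easier to find above `typedef struct ArithCoder`. The struct definition continues past the end of the hunk.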