From 7f50c25124a015a539823077bb302ff0c7ce8963 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 28 May 2017 03:18:02 +0200
Subject: avcodec/wnv1: More strict buffer size check

This requires at least 25% of a picture to allocate and decode it

Fixes: Timeout
Fixes: 1845/clusterfuzz-testcase-minimized-5075974343360512

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wnv1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavcodec/wnv1.c')

diff --git a/libavcodec/wnv1.c b/libavcodec/wnv1.c
index 126c01a02d..915e9c7dc9 100644
--- a/libavcodec/wnv1.c
+++ b/libavcodec/wnv1.c
@@ -68,7 +68,7 @@ static int decode_frame(AVCodecContext *avctx,
     int prev_y = 0, prev_u = 0, prev_v = 0;
     uint8_t *rbuf;
 
-    if (buf_size <= 8) {
+    if (buf_size < 8 + avctx->height * (avctx->width/2)/8) {
         av_log(avctx, AV_LOG_ERROR, "Packet size %d is too small\n", buf_size);
         return AVERROR_INVALIDDATA;
     }
-- 
cgit v1.2.3