From f91e7ec9dfb32dd27c2474de4f98a2e47126f7a7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 4 Aug 2018 02:56:56 +0200
Subject: avcodec/microdvddec: limit style characters in parsing

Fixes: Timeout
Fixes: 9293/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MICRODVD_fuzzer-5643972541153280

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/microdvddec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavcodec')

diff --git a/libavcodec/microdvddec.c b/libavcodec/microdvddec.c
index 4a34267793..dad0ec8a22 100644
--- a/libavcodec/microdvddec.c
+++ b/libavcodec/microdvddec.c
@@ -99,7 +99,7 @@ static char *microdvd_load_tags(struct microdvd_tag *tags, char *s)
         case 'Y':
             tag.persistent = MICRODVD_PERSISTENT_ON;
         case 'y':
-            while (*s && *s != '}') {
+            while (*s && *s != '}' && s - start < 256) {
                 int style_index = indexof(MICRODVD_STYLES, *s);
 
                 if (style_index >= 0)
-- 
cgit v1.2.3