Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-
5768907824562176
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
return AVERROR_INVALIDDATA;
}
- if (depth & 0x80)
+ if (depth & 0x80 && entry_id < 4)
clut->clut4[entry_id] = RGBA(r,g,b,255 - alpha);
- else if (depth & 0x40)
+ else if (depth & 0x40 && entry_id < 16)
clut->clut16[entry_id] = RGBA(r,g,b,255 - alpha);
else if (depth & 0x20)
clut->clut256[entry_id] = RGBA(r,g,b,255 - alpha);