Fixes: out of array read
Fixes: 2097/clusterfuzz-testcase-minimized-
5036861833609216
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
return -1;
}
+ if (reference) {
+ if (reference->width != s->picture_ptr->width ||
+ reference->height != s->picture_ptr->height ||
+ reference->format != s->picture_ptr->format) {
+ av_log(s->avctx, AV_LOG_ERROR, "Reference mismatching\n");
+ return AVERROR_INVALIDDATA;
+ }
+ }
+
av_assert0(s->picture_ptr->data[0]);
/* XXX: verify len field validity */
len = get_bits(&s->gb, 16);