avcodec/prores_raw: Tiles of width less than 16 result in undefined behavior

Fixes: passing zero to __builtin_clz(), which is not a valid argument Fixes: 471569982/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PRORES_RAW_DEC_fuzzer-5832576221904896 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-03-13 09:00:40 +08:00 · 2026-02-13 00:06:26 +01:00
parent 2ad078b589
commit be1fd6d9d4
1 changed files with 3 additions and 0 deletions
--- a/libavcodec/prores_raw.c
+++ b/libavcodec/prores_raw.c
@@ -461,6 +461,9 @@ static int decode_frame(AVCodecContext *avctx,
        tile->y = (n / s->nb_tw) * s->th;
        tile->x = (n % s->nb_tw) * s->tw;

+        if (avctx->width - tile->x < 16)
+            return AVERROR_PATCHWELCOME;
+
        offset += size;
    }