avcodec/svq3: Check for minimum size input

Fixes: Timeout
Fixes: 71295/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SVQ3_fuzzer-4999941125111808

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
(cherry picked from commit 050b5e85cbe61414ba9b78f76a04b2488e816f42)
Signed-off-by: Michael Niedermayer <[email protected]>

diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 8a6783682789d4df337016fd7a840667ddfb4da7..fef0202b79bebcb4ac8002de03993b2d7673a92d 100644 (file)
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1439,6 +1439,9 @@ static int svq3_decode_frame(AVCodecContext *avctx, void *data,
     if (svq3_decode_slice_header(avctx))
         return -1;
 
+    if (avpkt->size < s->mb_width * s->mb_height / 8)
+        return AVERROR_INVALIDDATA;
+
     s->pict_type = s->slice_type;
 
     if (s->pict_type != AV_PICTURE_TYPE_B)