From ce0bb67b1fda5e95ee438471c8ffc06b977b8ef2 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 11 Jan 2023 23:56:05 +0100
Subject: [PATCH] avcodec/pngdec: dont skip/read chunk twice

Fixes: out of array access
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PNG_fuzzer-6668158952144896.fuzz

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit df1a38d5200e14a29903f1027b4548d595c7ff8a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/pngdec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index 23e42aaf26..9f142980a0 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -1231,6 +1231,7 @@ static int decode_frame_common(AVCodecContext *avctx, PNGDecContext *s,
                 }
                 av_log(avctx, AV_LOG_ERROR, ", skipping\n");
                 bytestream2_skip(&s->gb, length + 8); /* tag */
+                continue;
             }
         }
         tag = bytestream2_get_le32(&s->gb);