Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

avformat/jpegxl_anim_dec: Check that size fits within argument

Browse Source 
Fixes: out of array access
Fixes: 61991/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5524679648215040
Fixes: 62181/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5504964305485824
Fixes: 62214/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-4782972823535616

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
pull/390/head
Michael Niedermayer 1 year ago
parent 00a837c70c
commit d2e8974699
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 2 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      libavformat/jpegxl_anim_dec.c

2
libavformat/jpegxl_anim_dec.c
Unescape View File

@ -152,6 +152,8 @@ static int jpegxl_anim_read_packet(AVFormatContext *s, AVPacket *pkt)
size = avio_size(pb); size = avio_size(pb);
if (size < 0) if (size < 0)
return size; return size;
if (size > INT_MAX)
return AVERROR(EDOM);
if (size == 0) if (size == 0)
size = 4096; size = 4096;

Write Preview
Loading…
Cancel
Save