[FFmpeg-devel,2/2] avcodec/mjpegdec: Check for odd progressive RGB

Message ID 20180706152430.29695-2-michael@niedermayer.cc
State Accepted
Commit ee1e3ca5eb1ec7d34e925d129c893e33847ee0b7

Commit Message

Michael Niedermayer July 6, 2018, 3:24 p.m. UTC
Fixes: out of array access
Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/mjpegdec.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Michael Niedermayer July 7, 2018, 9:58 p.m. UTC | #1
On Fri, Jul 06, 2018 at 05:24:30PM +0200, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 9225/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5684770334834688
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/mjpegdec.c | 4 ++++
>  1 file changed, 4 insertions(+)

will apply

[...]
Patch

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 00cfdd7151..5e784d980c 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -626,6 +626,10 @@  unk_pixfmt:
         avpriv_report_missing_feature(s->avctx, "Lowres for weird subsampling");
         return AVERROR_PATCHWELCOME;
     }
+    if ((AV_RB32(s->upscale_h) || AV_RB32(s->upscale_v)) && s->progressive && s->avctx->pix_fmt == AV_PIX_FMT_GBRP) {
+        avpriv_report_missing_feature(s->avctx, "progressive for weird subsampling");
+        return AVERROR_PATCHWELCOME;
+    }
     if (s->ls) {
         memset(s->upscale_h, 0, sizeof(s->upscale_h));
         memset(s->upscale_v, 0, sizeof(s->upscale_v));
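
Review bot: The added condition has no comment saying which array the progressive GBRP path overruns when upscale_h or upscale_v is non-zero, and the commit message only says "out of array access"; a one-line comment above the `if` naming the affected buffer would let later readers judge whether the guard is still needed. `AV_RB32(s->upscale_h)` tests exactly four bytes while the `memset` in the context below uses `sizeof(s->upscale_h)`, so the check quietly depends on both arrays being four bytes long and would miss entries if they ever grow. The log string "progressive for weird subsampling" also leaves out RGB, although the `AV_PIX_FMT_GBRP` test is what distinguishes this rejection from the "Lowres" one directly above it.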