Message ID | 20220911142721.30812-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 14e99cb47212a9b42956034337a00658bcace1ef |
Headers | show |
Series | [FFmpeg-devel,1/5] avformat/mxfdec: Avoid some redundant writing to tables in mxf_compute_ptses_fake_index() | expand |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On Sun, Sep 11, 2022 at 04:27:20PM +0200, Michael Niedermayer wrote: > Fixes: out of array access > Fixes: 50936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HDR_fuzzer-5423041009549312 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/hdrdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/libavcodec/hdrdec.c b/libavcodec/hdrdec.c index 9b262f2ef2c..7727826e2a5 100644 --- a/libavcodec/hdrdec.c +++ b/libavcodec/hdrdec.c @@ -70,8 +70,8 @@ static int decompress(uint8_t *scanline, int w, GetByteContext *gb, const uint8_ for (int i = run << rshift; i > 0 && w > 0 && scanline >= start + 4; i--) { memcpy(scanline, scanline - 4, 4); scanline += 4; + w -= 4; } - w -= run << rshift; rshift += 8; if (rshift > 16) break;
Fixes: out of array access Fixes: 50936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HDR_fuzzer-5423041009549312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/hdrdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)