Message ID | 20210303094904.4221-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 8a3fea802a3e4274dbe084d372ec8aeab3932b3e |
Headers | show |
Series | [FFmpeg-devel,1/4] avcodec/jpegls: Check A[Q] for overflow in ff_jpegls_update_state_regular() | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
On Wed, Mar 03, 2021 at 10:49:01AM +0100, Michael Niedermayer wrote: > Fixes: Timeout > Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/jpegls.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) will apply [...]
diff --git a/libavcodec/jpegls.h b/libavcodec/jpegls.h index 16372bd39d..aac67bbe31 100644 --- a/libavcodec/jpegls.h +++ b/libavcodec/jpegls.h @@ -95,7 +95,7 @@ static inline void ff_jpegls_downscale_state(JLSState *state, int Q) static inline int ff_jpegls_update_state_regular(JLSState *state, int Q, int err) { - if(FFABS(err) > 0xFFFF) + if(FFABS(err) > 0xFFFF || FFABS(err) > INT_MAX - state->A[Q]) return -0x10000; state->A[Q] += FFABS(err); err *= state->twonear;
Fixes: Timeout Fixes: 30912/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MJPEG_fuzzer-5556235476795392 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/jpegls.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)