Message ID | 20211204213258.11971-3-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | a4af92d7cb044424d31a99fc2f8a091f882036a5 |
Headers | show |
Series | [FFmpeg-devel,1/4] avformat/mov: Check for EOF in mov_read_glbl() | expand |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
andriy/make_ppc | success | Make finished |
andriy/make_fate_ppc | success | Make fate finished |
lör 2021-12-04 klockan 22:32 +0100 skrev Michael Niedermayer: > Fixes: shift exponent 4294967163 is too large for 32-bit type 'int' > Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer- > 6183636217495552 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/mxfdec.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c > index af9d33f7969..c231c944c01 100644 > --- a/libavformat/mxfdec.c > +++ b/libavformat/mxfdec.c > @@ -2274,12 +2274,12 @@ static enum AVColorRange > mxf_get_color_range(MXFContext *mxf, MXFDescriptor *des > /* CDCI range metadata */ > if (!descriptor->component_depth) > return AVCOL_RANGE_UNSPECIFIED; > - if (descriptor->black_ref_level == 0 && > + if (descriptor->black_ref_level == 0 && descriptor- > >component_depth < 31 && > descriptor->white_ref_level == ((1<<descriptor- > >component_depth) - 1) && > (descriptor->color_range == (1<<descriptor- > >component_depth) || > descriptor->color_range == ((1<<descriptor- > >component_depth) - 1))) > return AVCOL_RANGE_JPEG; > - if (descriptor->component_depth >= 8 && > + if (descriptor->component_depth >= 8 && descriptor- > >component_depth < 31 && > descriptor->black_ref_level == (1 <<(descriptor- > >component_depth - 4)) && > descriptor->white_ref_level == (235<<(descriptor- > >component_depth - 8)) && > descriptor->color_range == ((14<<(descriptor- > >component_depth - 4)) + 1)) Looks OK /Tomas
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index af9d33f7969..c231c944c01 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -2274,12 +2274,12 @@ static enum AVColorRange mxf_get_color_range(MXFContext *mxf, MXFDescriptor *des /* CDCI range metadata */ if (!descriptor->component_depth) return AVCOL_RANGE_UNSPECIFIED; - if (descriptor->black_ref_level == 0 && + if (descriptor->black_ref_level == 0 && descriptor->component_depth < 31 && descriptor->white_ref_level == ((1<<descriptor->component_depth) - 1) && (descriptor->color_range == (1<<descriptor->component_depth) || descriptor->color_range == ((1<<descriptor->component_depth) - 1))) return AVCOL_RANGE_JPEG; - if (descriptor->component_depth >= 8 && + if (descriptor->component_depth >= 8 && descriptor->component_depth < 31 && descriptor->black_ref_level == (1 <<(descriptor->component_depth - 4)) && descriptor->white_ref_level == (235<<(descriptor->component_depth - 8)) && descriptor->color_range == ((14<<(descriptor->component_depth - 4)) + 1))
Fixes: shift exponent 4294967163 is too large for 32-bit type 'int' Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6183636217495552 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/mxfdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)