diff mbox series

[FFmpeg-devel,4/5] avcodec/hdrdec: Update w in inner loop of decompress()

Message ID 20220911142721.30812-4-michael@niedermayer.cc
State Accepted
Commit 14e99cb47212a9b42956034337a00658bcace1ef
Headers show
Series [FFmpeg-devel,1/5] avformat/mxfdec: Avoid some redundant writing to tables in mxf_compute_ptses_fake_index() | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Michael Niedermayer Sept. 11, 2022, 2:27 p.m. UTC 
Fixes: out of array access
Fixes: 50936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HDR_fuzzer-5423041009549312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/hdrdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer Sept. 16, 2022, 6:37 p.m. UTC | #1 
On Sun, Sep 11, 2022 at 04:27:20PM +0200, Michael Niedermayer wrote:
> Fixes: out of array access
> Fixes: 50936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HDR_fuzzer-5423041009549312
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/hdrdec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

will apply

[...]
diff mbox series

Patch

diff --git a/libavcodec/hdrdec.c b/libavcodec/hdrdec.c
index 9b262f2ef2c..7727826e2a5 100644
--- a/libavcodec/hdrdec.c
+++ b/libavcodec/hdrdec.c
@@ -70,8 +70,8 @@  static int decompress(uint8_t *scanline, int w, GetByteContext *gb, const uint8_
             for (int i = run << rshift; i > 0 && w > 0 && scanline >= start + 4; i--) {
                 memcpy(scanline, scanline - 4, 4);
                 scanline += 4;
+                w -= 4;
             }
-            w -= run << rshift;
             rshift += 8;
             if (rshift > 16)
                 break;