diff mbox series

[FFmpeg-devel,3/3] avcodec/jpegxl_parser: Check for ctx->skip overflow

Message ID 20230910010952.24389-3-michael@niedermayer.cc
State Accepted
Commit ca09d8a0dcd82e3128e62463231296aaf63ae6f7
Headers show
Series [FFmpeg-devel,1/3] avcodec/wavarc: Use unsigned for samples in 1dif, 2slp, 5elp | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Michael Niedermayer Sept. 10, 2023, 1:09 a.m. UTC 
Fixes: out of array access
Fixes: 62113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5025082076168192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/jpegxl_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c
index 20c8a41a89b..619a16448fa 100644
--- a/libavcodec/jpegxl_parser.c
+++ b/libavcodec/jpegxl_parser.c
@@ -1326,7 +1326,7 @@  static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size)
         if (!size)
             return AVERROR_INVALIDDATA;
         /* invalid ISOBMFF size */
-        if (size <= head_size + 4)
+        if (size <= head_size + 4 || size > INT_MAX - ctx->skip)
             return AVERROR_INVALIDDATA;
 
         ctx->skip += size;