Message ID | 20230910010952.24389-3-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | ca09d8a0dcd82e3128e62463231296aaf63ae6f7 |
Series | [FFmpeg-devel,1/3] avcodec/wavarc: Use unsigned for samples in 1dif, 2slp, 5elp |
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c index 20c8a41a89b..619a16448fa 100644 --- a/libavcodec/jpegxl_parser.c +++ b/libavcodec/jpegxl_parser.c @@ -1326,7 +1326,7 @@ static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size) if (!size) return AVERROR_INVALIDDATA; /* invalid ISOBMFF size */ - if (size <= head_size + 4) + if (size <= head_size + 4 || size > INT_MAX - ctx->skip) return AVERROR_INVALIDDATA; ctx->skip += size;
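Review bot: The added `size > INT_MAX - ctx->skip` test in the second `if` of `skip_boxes()` is only well-defined while `ctx->skip` is non-negative, and the visible context shows neither that invariant nor the types of `size` and `ctx->skip`. If `ctx->skip` can never be negative here, a short comment on that half of the condition, in the style of the existing `/* invalid ISOBMFF size */`, would record the assumption and make clear that it protects `ctx->skip += size` from wrapping. The condition now also folds two different failures (a box too small for its header, and an accumulated skip that would exceed `INT_MAX`) into one `AVERROR_INVALIDDATA` return, so splitting them into two `if` statements would keep each reason readable. The commit message says only "out of array access"; naming the overflow of the accumulated skip as the cause would make the fix easier to audit.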
Fixes: out of array access
Fixes: 62113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5025082076168192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

---
 libavcodec/jpegxl_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)