[FFmpeg-cvslog] avcodec/jpegxl_parser: Check for ctx->skip overflow
Michael Niedermayer
git at videolan.org
Thu Sep 14 23:00:54 EEST 2023
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sun Sep 10 02:37:47 2023 +0200| [ca09d8a0dcd82e3128e62463231296aaf63ae6f7] | committer: Michael Niedermayer
avcodec/jpegxl_parser: Check for ctx->skip overflow
Fixes: out of array access
Fixes: 62113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5025082076168192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ca09d8a0dcd82e3128e62463231296aaf63ae6f7
---
libavcodec/jpegxl_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c
index 4010bc713a..6656ed35c5 100644
--- a/libavcodec/jpegxl_parser.c
+++ b/libavcodec/jpegxl_parser.c
@@ -1326,7 +1326,7 @@ static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size)
if (!size)
return AVERROR_INVALIDDATA;
/* invalid ISOBMFF size */
- if (size <= head_size + 4)
+ if (size <= head_size + 4 || size > INT_MAX - ctx->skip)
return AVERROR_INVALIDDATA;
ctx->skip += size;
More information about the ffmpeg-cvslog
mailing list