[FFmpeg-devel] [PATCH v2] avcodec/jpegxl_parser: fix various memory issues
Leo Izen
leo.izen at gmail.com
Thu Oct 5 01:13:57 EEST 2023
On 10/3/23 11:00, Leo Izen wrote:
> The spec caps the prefix alphabet size to 32768 (i.e. 1 << 15) so we
> should check for that and reject alphabets that are too large, in order
> to prevent over-allocating.
>
> Additionally, there's no need to allocate buffers that are as large as
> the maximum alphabet size as these aren't stack-allocated, they're heap
> allocated and thus can be variable size.
>
> Added an overflow check as well, which fixes leaking the buffer, and
> capping the alphabet size fixes two potential overruns as well.
>
> Fixes: out of array access
> Fixes: 62089/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-
> 5437089094959104.fuzz
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Found-by: Hardik Shah of Vehere (Dawn Treaders team)
> Co-authored-by: Michael Niedermayer <michael at niedermayer.cc>
> Signed-off-by: Leo Izen <leo.izen at gmail.com>
> ---
> libavcodec/jpegxl_parser.c | 23 +++++++++++++++++------
> 1 file changed, 17 insertions(+), 6 deletions(-)
>
Will merge soon as it fixes a clusterfuzz case.
- Leo Izen
More information about the ffmpeg-devel
mailing list