[FFmpeg-devel] [PATCH] avcodec/jpegxl_parser: add some icc profile checks

Leo Izen leo.izen at gmail.com
Thu Oct 5 01:14:25 EEST 2023



On 10/3/23 13:38, Leo Izen wrote:
> This patch will cause the parser to abort if it detects an icc profile
> with an invalid size. This is particularly important if the icc profile
> is entropy-encoded with zero bits per symbol, as it can prevent a
> seemingly infinite loop during parsing.
> 
> Fixes: infinite loop
> Fixes: 62374/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5551878085410816
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Reported-by: Michael Niedermayer <michael at niedermayer.cc>
> Signed-off-by: Leo Izen <leo.izen at gmail.com>
> ---
>   libavcodec/jpegxl_parser.c | 44 ++++++++++++++++++++++++++++++--------
>   1 file changed, 35 insertions(+), 9 deletions(-)
> 


Will merge soon as it fixes a clusterfuzz case.

- Leo Izen
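The failure mode the commit message describes, a loop over an entropy-coded ICC payload whose symbols cost zero bits and whose declared size is unchecked, reduced to a stand-alone illustration. This is an added example, not the FFmpeg patch or any jpegxl_parser code: the bit reader, `decode_icc_payload`, the `max_size` cap and the `run_case` helper are hypothetical, and the 4-byte payload is constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum { ICC_OK = 0, ICC_ERR_SIZE = -1, ICC_ERR_NO_PROGRESS = -2, ICC_ERR_EOF = -3 };
/* MSB-first bit reader over a byte buffer; nbits and pos are counted in bits. */
typedef struct { const uint8_t *buf; size_t nbits, pos; } BitReader;

/* Read n bits; n == 0 is legal and consumes nothing (the problematic case). */
static int read_bits(BitReader *br, unsigned n, uint32_t *out)
{
    uint32_t v = 0;
    if (br->pos + n > br->nbits)
        return ICC_ERR_EOF;
    for (unsigned i = 0; i < n; i++, br->pos++)
        v = (v << 1) | ((br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1);
    *out = v;
    return ICC_OK;
}

/* Hypothetical stand-in for an entropy-coded ICC payload: declared_size
 * symbols of `width` bits each. Two guards keep the loop finite: the declared
 * size is capped before looping, and each iteration must advance the reader. */
int decode_icc_payload(const uint8_t *buf, size_t len, unsigned width,
                       size_t declared_size, size_t max_size, uint8_t *out, size_t out_len)
{
    BitReader br = { buf, len * 8, 0 };
    if (declared_size == 0 || declared_size > max_size || declared_size > out_len)
        return ICC_ERR_SIZE;            /* reject before doing any work */
    for (size_t i = 0; i < declared_size; i++) {
        size_t before = br.pos;
        uint32_t sym;
        int ret = read_bits(&br, width, &sym);
        if (ret < 0)
            return ret;
        if (br.pos == before)           /* zero bits per symbol: no progress */
            return ICC_ERR_NO_PROGRESS;
        out[i] = (uint8_t)sym;
    }
    return ICC_OK;
}

/* Constructed 4-byte sample payload; run_case decodes it with the given
 * parameters and, for 8-bit symbols, checks that the bytes round-trip. */
static const uint8_t SAMPLE[4] = { 0x01, 0x02, 0x03, 0x04 };
int run_case(unsigned width, size_t declared_size, size_t max_size)
{
    uint8_t out[8];
    int ret = decode_icc_payload(SAMPLE, sizeof SAMPLE, width, declared_size, max_size, out, sizeof out);
    if (ret == ICC_OK && width == 8)
        for (size_t i = 0; i < declared_size; i++) if (out[i] != SAMPLE[i]) return -100;
    return ret;
}
```

Without the size cap, a huge `declared_size` combined with `width == 0` would spin through the loop without ever exhausting the input; the progress check catches the zero-width case even when the declared size looks reasonable.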
