[FFmpeg-devel] [PATCH 3/3] avcodec/jpegxl_parser: Check for ctx->skip overflow
Michael Niedermayer
michael at niedermayer.cc
Sun Sep 10 04:09:52 EEST 2023
Fixes: out of array access
Fixes: 62113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5025082076168192
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/jpegxl_parser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c
index 20c8a41a89b..619a16448fa 100644
--- a/libavcodec/jpegxl_parser.c
+++ b/libavcodec/jpegxl_parser.c
@@ -1326,7 +1326,7 @@ static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size)
if (!size)
return AVERROR_INVALIDDATA;
/* invalid ISOBMFF size */
- if (size <= head_size + 4)
+ if (size <= head_size + 4 || size > INT_MAX - ctx->skip)
return AVERROR_INVALIDDATA;
ctx->skip += size;
--
2.17.1
More information about the ffmpeg-devel
mailing list