[FFmpeg-devel] [PATCH 1/3] avcodec/jpeg2000htdec: Check magp before using it in a shift
Tomas Härdin
git at haerdin.se
Sat Mar 30 10:56:58 EET 2024
Fri 2024-03-29 at 20:32 +0100, Michael Niedermayer wrote:
> Fixes: shift exponent -1 is negative
> Fixes: 65378/clusterfuzz-testcase-minimized-
> ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5457678193197056
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/jpeg2000dec.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
> index 1afc6b1e2dd..fe2afb05057 100644
> --- a/libavcodec/jpeg2000dec.c
> +++ b/libavcodec/jpeg2000dec.c
> @@ -1910,6 +1910,8 @@ static inline void tile_codeblocks(const
> Jpeg2000DecoderContext *s, Jpeg2000Tile
> int nb_precincts, precno;
> Jpeg2000Band *band = rlevel->band + bandno;
> int cblkno = 0, bandpos;
> + /* See Rec. ITU-T T.800, Equation E-2 */
> + int magp = quantsty->expn[subbandno] + quantsty-
> >nguardbits - 1;
>
> bandpos = bandno + (reslevelno > 0);
>
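Review bot: the new `magp` line needs a comment saying what the quantity is, not only where it is defined: `expn[subbandno] + nguardbits - 1` is the number of magnitude bit-planes M_b from T.800 Equation E-2, and naming it next to the equation reference makes the `magp >= 31` bound in the following hunk self-explanatory. Since the value is only consumed by the HTJ2K check, consider computing it inside that branch rather than for every band.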
> @@ -1917,6 +1919,9 @@ static inline void tile_codeblocks(const
> Jpeg2000DecoderContext *s, Jpeg2000Tile
> band->coord[1][0] == band->coord[1][1])
> continue;
>
> + if ((codsty->cblk_style & JPEG2000_CTSY_HTJ2K_F) &&
> magp >= 31)
> + return;
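Review bot: the bare `return` drops the remaining codeblocks of the tile with no diagnostic, and because `tile_codeblocks` is declared `static inline void` (see the hunk header) the caller cannot tell that decoding was cut short; either log the unsupported `magp` with av_log at error level before returning, or change the return type so an error can be propagated. A comment stating which shift the `magp >= 31` bound protects would also help, since the commit message reports a negative shift exponent rather than an oversized one.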
Please also print an error message and return AVERROR_PATCHWELCOME
/Tomas