Fixes: out of array read Fixes: 24487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5165847820369920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/jpeg2000dec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c index 06ad841934..dcebe97272 100644 --- a/libavcodec/jpeg2000dec.c +++ b/libavcodec/jpeg2000dec.c @@ -2184,7 +2184,9 @@ static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s) } if (s->has_ppm) { - uint32_t tp_header_size = bytestream2_get_be32u(&s->packed_headers_stream); + uint32_t tp_header_size = bytestream2_get_be32(&s->packed_headers_stream); + if (bytestream2_get_bytes_left(&s->packed_headers_stream) < tp_header_size) + return AVERROR_INVALIDDATA; bytestream2_init(&tp->header_tpg, s->packed_headers_stream.buffer, tp_header_size); bytestream2_skip(&s->packed_headers_stream, tp_header_size); } -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
