virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-03 05:10:03 +02:00
Code Issues Releases Activity

avcodec/jpegxl_parser: check entropy_decoder_read_symbol return value

Browse Source 
Found by OSS-Fuzz.

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
This commit is contained in:
Kacper Michajłow 2024-11-01 13:50:38 +01:00 committed by Leo Izen
parent c845a07302
commit 7b20985d8d
No known key found for this signature in database
GPG Key ID: 764E48EA48221833
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/jpegxl_parser.c
View File

@ -1311,7 +1311,7 @@ static int parse_frame_header(void *avctx, JXLParseContext *ctx, GetBitContext *
// permuted toc
if (get_bits1(gb)) {
JXLEntropyDecoder dec;
uint32_t end, lehmer = 0;
int64_t end, lehmer = 0;
ret = entropy_decoder_init(avctx, gb, &dec, 8);
if (ret < 0)
return ret;
@ -1320,13 +1320,13 @@ static int parse_frame_header(void *avctx, JXLParseContext *ctx, GetBitContext *
return AVERROR_BUFFER_TOO_SMALL;
}
end = entropy_decoder_read_symbol(gb, &dec, toc_context(toc_count));
if (end > toc_count) {
if (end < 0 || end > toc_count) {
entropy_decoder_close(&dec);
return AVERROR_INVALIDDATA;
}
for (uint32_t i = 0; i < end; i++) {
lehmer = entropy_decoder_read_symbol(gb, &dec, toc_context(lehmer));
if (get_bits_left(gb) < 0) {
if (lehmer < 0 || get_bits_left(gb) < 0) {
entropy_decoder_close(&dec);
return AVERROR_BUFFER_TOO_SMALL;
}