virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00
Code Issues Releases Activity

avcodec/exr: Better size checks

Browse Source 
Fixes: signed integer overflow: 3530839700044513368 + 8386093932303352321 cannot be represented in type 'long long'
Fixes: 35182/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5398383270428672

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 18b0dd07384b2987f24a4d0ba7600fde2787472a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-06-21 22:15:47 +02:00
parent bb1d2cf898
commit 7b5308045e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/exr.c
View File

@ -1014,7 +1014,7 @@ static int dwa_uncompress(EXRContext *s, const uint8_t *src, int compressed_size
dc_count = AV_RL64(src + 72); dc_count = AV_RL64(src + 72);
ac_compression = AV_RL64(src + 80); ac_compression = AV_RL64(src + 80);
if (compressed_size < 88LL + lo_size + ac_size + dc_size + rle_csize) if (compressed_size < (uint64_t)(lo_size | ac_size | dc_size | rle_csize) || compressed_size < 88LL + lo_size + ac_size + dc_size + rle_csize)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
bytestream2_init(&gb, src + 88, compressed_size - 88); bytestream2_init(&gb, src + 88, compressed_size - 88);