virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-19 05:49:09 +02:00
Code Issues Releases Activity

avformat/mxfdec: Check component_depth in mxf_get_color_range()

Browse Source 
Fixes: shift exponent 4294967163 is too large for 32-bit type 'int'
Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6183636217495552

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a4af92d7cb044424d31a99fc2f8a091f882036a5)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2021-12-04 22:32:57 +01:00
parent 4846536e67
commit 8720b1b480
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/mxfdec.c
View File

@ -2253,12 +2253,12 @@ static enum AVColorRange mxf_get_color_range(MXFContext *mxf, MXFDescriptor *des
/* CDCI range metadata */
if (!descriptor->component_depth)
return AVCOL_RANGE_UNSPECIFIED;
if (descriptor->black_ref_level == 0 &&
if (descriptor->black_ref_level == 0 && descriptor->component_depth < 31 &&
descriptor->white_ref_level == ((1<<descriptor->component_depth) - 1) &&
(descriptor->color_range == (1<<descriptor->component_depth) ||
descriptor->color_range == ((1<<descriptor->component_depth) - 1)))
return AVCOL_RANGE_JPEG;
if (descriptor->component_depth >= 8 &&
if (descriptor->component_depth >= 8 && descriptor->component_depth < 31 &&
descriptor->black_ref_level == (1 <<(descriptor->component_depth - 4)) &&
descriptor->white_ref_level == (235<<(descriptor->component_depth - 8)) &&
descriptor->color_range == ((14<<(descriptor->component_depth - 4)) + 1))