Leo Izen 0225fe857d avcodec/jpegxl_parse{,r}: fix integer overflow for some malformed files ...

If there's a very large ISOBMFF box that needs to be skipped, it can
cause an overflow for ctx->skip. There's already a safeguard to return
quickly if ctx->skip > bufsize, so changing ctx->skip to int64_t will
allow this to happen even if ctx->skip would overflow a signed int.

Several other members are also changed to int64_t to avoid this problem
in other possible scenarios.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Kacper Michajlow <kasper93@gmail.com>
Fixes: clusterfuzz-testcase-minimized-fuzzer_loadfile-6085331937460224

2025-01-30 13:46:26 -05:00

49 KiB

Raw Blame History

View Raw