RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/hdrdec: Update w in inner loop of decompress() 

Fixes: out of array access
Fixes: 50936/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HDR_fuzzer-5423041009549312

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2022-09-11 13:03:54 +02:00
parent 3993345f91
commit 14e99cb472
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/hdrdec.c
View File

@ -70,8 +70,8 @@ static int decompress(uint8_t *scanline, int w, GetByteContext *gb, const uint8_
for (int i = run << rshift; i > 0 && w > 0 && scanline >= start + 4; i--) {
memcpy(scanline, scanline - 4, 4);
scanline += 4;
w -= 4;
}
w -= run << rshift;
rshift += 8;
if (rshift > 16)
break;