mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-26 01:02:33 +00:00
avcodec/jpeg2000dec: Check remaining data in packed_headers_stream before use
Fixes: out of array read Fixes: 24487/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5165847820369920 Fixes: 24636/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5700973918683136 Fixes: 24683/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6202883897556992 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
de5cb6c060
commit
a5ac81952e
@ -2184,7 +2184,9 @@ static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s)
|
||||
}
|
||||
|
||||
if (s->has_ppm) {
|
||||
uint32_t tp_header_size = bytestream2_get_be32u(&s->packed_headers_stream);
|
||||
uint32_t tp_header_size = bytestream2_get_be32(&s->packed_headers_stream);
|
||||
if (bytestream2_get_bytes_left(&s->packed_headers_stream) < tp_header_size)
|
||||
return AVERROR_INVALIDDATA;
|
||||
bytestream2_init(&tp->header_tpg, s->packed_headers_stream.buffer, tp_header_size);
|
||||
bytestream2_skip(&s->packed_headers_stream, tp_header_size);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user