mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/jpegxl_parser: Check for ctx->skip overflow
Fixes: out of array access Fixes: 62113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5025082076168192 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
d2e8974699
commit
ca09d8a0dc
|
@ -1326,7 +1326,7 @@ static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size)
|
||||||
if (!size)
|
if (!size)
|
||||||
return AVERROR_INVALIDDATA;
|
return AVERROR_INVALIDDATA;
|
||||||
/* invalid ISOBMFF size */
|
/* invalid ISOBMFF size */
|
||||||
if (size <= head_size + 4)
|
if (size <= head_size + 4 || size > INT_MAX - ctx->skip)
|
||||||
return AVERROR_INVALIDDATA;
|
return AVERROR_INVALIDDATA;
|
||||||
|
|
||||||
ctx->skip += size;
|
ctx->skip += size;
|
||||||
|
|
Loading…
Reference in New Issue