avcodec/jpegxl_parser: Check for ctx->skip overflow

Fixes: out of array access
Fixes: 62113/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5025082076168192

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer 2023-09-10 02:37:47 +02:00
parent d2e8974699
commit ca09d8a0dc
GPG Key ID: B18E8928B3948D64
1 changed files with 1 additions and 1 deletions

@ -1326,7 +1326,7 @@ static int skip_boxes(JXLParseContext *ctx, const uint8_t *buf, int buf_size)
if (!size) if (!size)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
/* invalid ISOBMFF size */ /* invalid ISOBMFF size */
if (size <= head_size + 4) if (size <= head_size + 4 || size > INT_MAX - ctx->skip)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
ctx->skip += size; ctx->skip += size;
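
Review bot: The added clause `size > INT_MAX - ctx->skip` in the `if (size <= head_size + 4 ...)` condition is a sound guard for `ctx->skip += size` only if `ctx->skip` is a non-negative value no larger than `INT_MAX` at this point. The hunk shows neither its type nor that invariant, and if it could ever be negative the subtraction `INT_MAX - ctx->skip` would itself overflow, so please state or assert the invariant here. The clause is also an accumulator overflow check rather than a malformed box size, so the `/* invalid ISOBMFF size */` comment above it no longer describes the whole condition; a separate `if` with its own comment naming the `ctx->skip += size` addition it protects would make the intent clear. The commit message names the symptom (out of array access) but not how an overflowed `ctx->skip` leads to it; one sentence on that would help later readers of the history.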