diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2021-09-13 23:53:23 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2021-09-14 17:34:33 +0200 |
commit | 7dfa8040d66a6e21898436fdf3568f67fd2f4eb8 (patch) | |
tree | ef2cf4614553b09c26f45f64271f21204976b6d3 | |
parent | 4d81550df9580b454d2530bcb37de20b8354ad6e (diff) | |
download | ffmpeg-7dfa8040d66a6e21898436fdf3568f67fd2f4eb8.tar.gz |
avcodec/jpeg2000_parser: Check state!=0
Fixes: out of array read
Fixes: 37664/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5893420460146688
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavcodec/jpeg2000_parser.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/jpeg2000_parser.c b/libavcodec/jpeg2000_parser.c index e6db7eefa8..2975e71482 100644 --- a/libavcodec/jpeg2000_parser.c +++ b/libavcodec/jpeg2000_parser.c @@ -142,7 +142,7 @@ static int find_frame_end(JPEG2000ParserContext *m, const uint8_t *buf, int buf_ m->in_codestream = 0; } else if (m->in_codestream && (state & 0xFFFF) == 0xFF90) { // Are we in tile part header? m->read_tp = 8; - } else if (pc->frame_start_found && info_marker((state & 0xFFFF0000)>>16) && m->in_codestream) { + } else if (pc->frame_start_found && info_marker((state & 0xFFFF0000)>>16) && m->in_codestream && (state & 0xFFFF)) { // Calculate number of bytes to skip to get to end of the next marker. m->skip_bytes = (state & 0xFFFF)-1; |