diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2021-12-04 22:32:57 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2021-12-09 13:12:45 +0100 |
commit | a4af92d7cb044424d31a99fc2f8a091f882036a5 (patch) | |
tree | e8078952af7d0de55e83173152b4a9ef9ea05f90 /libavformat | |
parent | ac2b34abbf93c1fa11ee7e5667ce6e6d4c4760a2 (diff) | |
download | ffmpeg-a4af92d7cb044424d31a99fc2f8a091f882036a5.tar.gz |
avformat/mxfdec: Check component_depth in mxf_get_color_range()
Fixes: shift exponent 4294967163 is too large for 32-bit type 'int'
Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6183636217495552
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavformat')
-rw-r--r-- | libavformat/mxfdec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index af9d33f796..c231c944c0 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -2274,12 +2274,12 @@ static enum AVColorRange mxf_get_color_range(MXFContext *mxf, MXFDescriptor *des /* CDCI range metadata */ if (!descriptor->component_depth) return AVCOL_RANGE_UNSPECIFIED; - if (descriptor->black_ref_level == 0 && + if (descriptor->black_ref_level == 0 && descriptor->component_depth < 31 && descriptor->white_ref_level == ((1<<descriptor->component_depth) - 1) && (descriptor->color_range == (1<<descriptor->component_depth) || descriptor->color_range == ((1<<descriptor->component_depth) - 1))) return AVCOL_RANGE_JPEG; - if (descriptor->component_depth >= 8 && + if (descriptor->component_depth >= 8 && descriptor->component_depth < 31 && descriptor->black_ref_level == (1 <<(descriptor->component_depth - 4)) && descriptor->white_ref_level == (235<<(descriptor->component_depth - 8)) && descriptor->color_range == ((14<<(descriptor->component_depth - 4)) + 1)) |