aboutsummaryrefslogtreecommitdiffstats
path: root/libavutil/fixed_dsp.h
diff options
context:
space:
mode:
authorLeo Izen <leo.izen@gmail.com>2023-10-03 11:00:35 -0400
committerLeo Izen <leo.izen@gmail.com>2023-10-05 19:28:55 -0400
commitf7ac3512f5b5cb8eb149f37300b43461d8e93af3 (patch)
tree709ec7f31aed630972bf6226631b902af7f2d5ee /libavutil/fixed_dsp.h
parentec74553205a4e52598f9799d03fb2682f7d23831 (diff)
downloadffmpeg-f7ac3512f5b5cb8eb149f37300b43461d8e93af3.tar.gz
avcodec/jpegxl_parser: fix various memory issues
The spec caps the prefix alphabet size to 32768 (i.e. 1 << 15) so we should check for that and reject alphabets that are too large, in order to prevent over-allocating. Additionally, there's no need to allocate buffers that are as large as the maximum alphabet size as these aren't stack-allocated, they're heap allocated and thus can be variable size. Added an overflow check as well, which fixes leaking the buffer, and capping the alphabet size fixes two potential overruns as well. Fixes: out of array access Fixes: 62089/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer- 5437089094959104.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Found-by: Hardik Shah of Vehere (Dawn Treaders team) Co-authored-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Leo Izen <leo.izen@gmail.com>
Diffstat (limited to 'libavutil/fixed_dsp.h')
0 files changed, 0 insertions, 0 deletions