diff options
author | Leo Izen <leo.izen@gmail.com> | 2023-10-03 11:00:35 -0400 |
---|---|---|
committer | Leo Izen <leo.izen@gmail.com> | 2023-10-05 19:28:55 -0400 |
commit | f7ac3512f5b5cb8eb149f37300b43461d8e93af3 (patch) | |
tree | 709ec7f31aed630972bf6226631b902af7f2d5ee /libavutil/spherical.c | |
parent | ec74553205a4e52598f9799d03fb2682f7d23831 (diff) | |
download | ffmpeg-f7ac3512f5b5cb8eb149f37300b43461d8e93af3.tar.gz |
avcodec/jpegxl_parser: fix various memory issues
The spec caps the prefix alphabet size to 32768 (i.e. 1 << 15) so we
should check for that and reject alphabets that are too large, in order
to prevent over-allocating.
Additionally, there's no need to allocate buffers that are as large as
the maximum alphabet size as these aren't stack-allocated, they're heap
allocated and thus can be variable size.
Added an overflow check as well, which fixes leaking the buffer, and
capping the alphabet size fixes two potential overruns as well.
Fixes: out of array access
Fixes: 62089/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-
5437089094959104.fuzz
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Found-by: Hardik Shah of Vehere (Dawn Treaders team)
Co-authored-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Leo Izen <leo.izen@gmail.com>
Diffstat (limited to 'libavutil/spherical.c')
0 files changed, 0 insertions, 0 deletions