This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/7.1 in repository ffmpeg.
commit fb544cfa79adce83e9c6bd9701f99d2c510d0d61 Author: Michael Niedermayer <[email protected]> AuthorDate: Sat Feb 7 22:55:11 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 15:57:11 2026 +0200 avcodec/jpeg2000htdec: Check Lcup and Lref Fixes: use of uninitialized memory Fixes: 482494999/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-6467586186608640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 99515a3342339457b53a48f3644c919510a5ba7e) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/jpeg2000htdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/jpeg2000htdec.c b/libavcodec/jpeg2000htdec.c index ade10834ec..8cedc41461 100644 --- a/libavcodec/jpeg2000htdec.c +++ b/libavcodec/jpeg2000htdec.c @@ -1254,6 +1254,11 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c "Cleanup pass length must be at least 2 bytes in length\n"); return AVERROR_INVALIDDATA; } + // this might arise either if the codestream is corrupted; or contains multiple HT Sets + // (see Rec. ITU-T T.814, Annex B.1), which the parser does not currently support + if (Lcup + Lref != cblk->length) + return AVERROR_INVALIDDATA; + Dcup = cblk->data; Dref = cblk->data + Lcup; // Dref comes after the refinement segment _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
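Review bot: the new `if (Lcup + Lref != cblk->length)` check returns AVERROR_INVALIDDATA without logging anything, while the check just above it reports "Cleanup pass length must be at least 2 bytes in length". Add a log message here that names the mismatch and the two causes the comment gives (a corrupted codestream, or multiple HT Sets, which the parser does not support). Without it, a user with a valid but unsupported file cannot tell the failure apart from corruption. The check is correctly placed before `Dref = cblk->data + Lcup`, so the pointer is only formed once the lengths agree with `cblk->length`. The declarations of Lcup and Lref are not visible in this hunk, so it is worth confirming that their sum cannot wrap before the comparison. Two wording points: "either if the codestream is corrupted; or contains" in the new comment reads better as "if the codestream is corrupted or contains", and the context comment "Dref comes after the refinement segment" looks like it should say "cleanup segment", since Dref is placed at `cblk->data + Lcup`.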
