Fixes: out of array access Fixes: 24825/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-6326925027704832
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/tiff.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c index 86f8487086..8a42e677ce 100644 --- a/libavcodec/tiff.c +++ b/libavcodec/tiff.c @@ -919,6 +919,11 @@ static int dng_decode_jpeg(AVCodecContext *avctx, AVFrame *frame, /* Copy the outputted tile's pixels from 'jpgframe' to 'frame' (final buffer) */ + if (s->jpgframe->width != s->avctx_mjpeg->width || + s->jpgframe->height != s->avctx_mjpeg->height || + s->jpgframe->format != s->avctx_mjpeg->pix_fmt) + return AVERROR_INVALIDDATA; + /* See dng_blit for explanation */ if (s->avctx_mjpeg->width == w * 2 && s->avctx_mjpeg->height == h / 2 && -- 2.17.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
