Fri 2024-03-29 at 20:32 +0100, Michael Niedermayer wrote: > Fixes: shift exponent -1 is negative > Fixes: 65378/clusterfuzz-testcase-minimized- > ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5457678193197056 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > --- > libavcodec/jpeg2000dec.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c > index 1afc6b1e2dd..fe2afb05057 100644 > --- a/libavcodec/jpeg2000dec.c > +++ b/libavcodec/jpeg2000dec.c > @@ -1910,6 +1910,8 @@ static inline void tile_codeblocks(const > Jpeg2000DecoderContext *s, Jpeg2000Tile > int nb_precincts, precno; > Jpeg2000Band *band = rlevel->band + bandno; > int cblkno = 0, bandpos; > + /* See Rec. ITU-T T.800, Equation E-2 */ > + int magp = quantsty->expn[subbandno] + quantsty- > >nguardbits - 1; > > bandpos = bandno + (reslevelno > 0); > > @@ -1917,6 +1919,9 @@ static inline void tile_codeblocks(const > Jpeg2000DecoderContext *s, Jpeg2000Tile > band->coord[1][0] == band->coord[1][1]) > continue; > > + if ((codsty->cblk_style & JPEG2000_CTSY_HTJ2K_F) && > magp >= 31) > + return;
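Review bot: the new `magp` declaration in the first hunk (@@ -1910) indexes `quantsty->expn[subbandno]`, but the context lines shown here only use `bandno` and `reslevelno`, so please confirm that `subbandno` already holds the value for the current band at the point of declaration, before the `bandpos` assignment. The comment citing Rec. ITU-T T.800, Equation E-2 would also be more useful if it said what `magp` represents and which values the following code can handle, since `expn` and `nguardbits` both come from the codestream and their sum minus one is taken as a plain `int` with no range check at this point.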
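Review bot: the bare `return;` added in the second hunk (@@ -1917) leaves `tile_codeblocks()` silently when `magp >= 31`, and because the function is declared `static inline void` in the hunk header, the caller cannot tell that the tile was abandoned and will carry on as if decoding succeeded. I would log the rejected condition and propagate an error code instead, which means changing the return type to `int` and checking it at the call site. A short comment on why the bound is 31, and which shift it protects, would tie the check to the "shift exponent -1 is negative" report in the commit message, since the shift itself is not visible in these lines.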
Please also print an error message and return AVERROR_PATCHWELCOME

/Tomas