[FFmpeg-devel] [PATCH 2/2] avcodec/jpeg2000dec: Fix division by zero in jp2_find_codestream()

Michael Niedermayer michael at niedermayer.cc
Wed Jul 26 16:50:03 EEST 2017


On Mon, Jul 24, 2017 at 07:56:34PM +0200, Carl Eugen Hoyos wrote:
> 2017-07-24 17:34 GMT+02:00 Michael Niedermayer <michael at niedermayer.cc>:
> > Fixes: 2707/clusterfuzz-testcase-minimized-5179636394754048
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/jpeg2000dec.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
> > index b67efc76bb..dd9c60feb4 100644
> > --- a/libavcodec/jpeg2000dec.c
> > +++ b/libavcodec/jpeg2000dec.c
> > @@ -2075,6 +2075,11 @@ static int jp2_find_codestream(Jpeg2000DecoderContext *s)
> >                      hden = bytestream2_get_be16u(&s->g);
> >                      vexp = bytestream2_get_byteu(&s->g);
> >                      hexp = bytestream2_get_byteu(&s->g);
> > +                    if (!vnum || !vden || !hnum || !vden) {
> > +                        bytestream2_seek(&s->g, atom2_end, SEEK_SET);
> > +                        av_log(s->avctx, AV_LOG_WARNING, "RES box invalid\n");
> > +                        continue;
> > +                    }
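Review bot: the new condition tests `!vden` twice and never tests `hden`, which is read on the first line of this hunk; for a patch whose purpose is to reject zero divisors in the RES box, a zero `hden` still gets through. The check should read `if (!vnum || !vden || !hnum || !hden) {`.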
> 
> Thank you!
> 
> I believe it is possible to move the "resd"/"resc" check above down if you think
> that simplifies the code.

That could be done, but it somehow doesn't feel right. The type
should be checked before reading the values.

I'll apply the patches as they are

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If you drop bombs on a foreign country and kill a hundred thousand
innocent people, expect your government to call the consequence
"unprovoked inhuman terrorist attacks" and use it to justify dropping
more bombs and killing more people. The technology changed, the idea is old.

