From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 33B414AF98 for ; Tue, 23 Dec 2025 02:09:20 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'lqg/Eak39+GghKopkFlrJPO3Rz8PgtuQQxVHs9chhuk=', expected b'oeeY9MTAsWPzvwGbOQGLf+EbGY2AzY/ZyKOASHN7HgU=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1766455734; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=lqg/Eak39+GghKopkFlrJPO3Rz8PgtuQQxVHs9chhuk=; b=ZX1l8KR0fzyTt3B9/GUOzQTMMcKWudM6d621Rf9SV8t7pr6r2e/Oj8PxvdLogiwcYf+cI bGb8CeHeEj3MtAdDYasL/03y2JOCY59C8hjQqBxkynFm147IXqTMRIKdRdND7EScc7hs0Lb gHFruiSJpdxdoq6psxfj/uWwVIorGhVt/1JFIoQZdMN6ghnC0epR3vALHFd8wtuMgO3yVNC Q6Jgq7vyyLXVtKZfBcm58Q3BF87HEg6wbEPhXz+0f7/M4cBe0LeZEwvwzfVCpkxIigKHK6q favDXTcW0xdfSjt3u6qtK9gzflA9BbUALjN4vT/7IKN/zjvUM1H2n2GX2LOw== Received: from [172.20.0.2] (unknown [172.19.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id DBE2E690B04; Tue, 23 Dec 2025 04:08:54 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1766455725; b=Jeku10ZhJlODuHzYPtUYVze7TyVqaxanfau5/KRyYQBd6doxNJz4L/UsPowsMEdNT1565 F4+AgWiKD+UlcFGHUyCbQqXi4dMxEaAziHBn+O1wjwzFgGDNvNnw5QsA9XmiitHFYzsStO0 aldvpFDX6+K9a5udH/9ThUxcmEHyvddoP3pyQ7VBGc5bztIAoIpBlT9FE1c9meL3pD9VvmZ +lhxlYG4qsaV3LVvDSpk5+juyM+1bIcWOzghAZ78U7NJ0FYxQjfG3R2jHMIPK+tc9I0LasQ s4gJXgXNrJbiInmIcZ4pSdG0omHF976X+nzzCfwj4BqUgBoUpbNaIPfbnEiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1766455725; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=EjCCmToBGzNtdkQkDQBgeLXNdqkZRJG5P2UsvHgm4Ns=; b=TQohb8qBT4lzRdPiaORd/RVebQXxmwauotDMmvh0KZsKWXAOdpuFYx23x3OIu3q7X6QBQ jPt2fSkapwoqg65fHaSNHRvSn3NUvZ5VLneed6/AxMqe6PEeL8xV4sSfmc+RHtkCxPCGYjH fPR94+qnS2lG5ibPdR0R0yhqwALR6YrxBYQ5VYCqXDzYkwcImf28iUR0xnnfRmnLrJR1BAx +9CNpFDfav2ZsdNels5KTGTajPC/5tKcBKyE87i/8EdzRRyt7fZwwx1N9HtepTu7scoWHNJ DFrXZGzIQf1yEa5h0oy4jhxpBlTFgEJc1uABjY8XivhlSLO2VGcqRf+AJaig== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1766455712; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=oeeY9MTAsWPzvwGbOQGLf+EbGY2AzY/ZyKOASHN7HgU=; b=SnRIOCEMm7OFRLt0iwpAU1OzKBNsmJAiWUxc+FK2jLFBKgsobwwLZRs+PG5JtSEWRDUf5 cnPVAhZWrwYNV40HFhkk9H+vGaB/Z1Tdbig175HuNwNTCCB8oiV9au1AwqBV97Jwjj8FZ2G 2HPPd0s/6tEmUg4uxmf7xMUtKCMU8j0mVSyRsLbW39/QlFv/gt5H9IXsjzrOqa1t5353F6x aiPvpu1slfuN1Eh9LPdVUw/kTXEuKYZ88J4HmeBv5kJKoxhZonFCHNi7em1/sdvJQZ7rXxs CToVv3XWLFw7c2OCCZLBFOSUcf8saZhfdHxm719pZ5ASDBh+m51zdICn1a1Q== Received: from 55ca25703178 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id B80F0690AB9 for ; Tue, 23 Dec 2025 04:08:32 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Tue, 23 Dec 2025 02:08:32 -0000 Message-ID: <176645571294.60.9074108460813550333@2cb04c0e5124> Message-ID-Hash: WJPUXNL2YHQPQAUKHBIIH5ZKOUCQHDPR X-Message-ID-Hash: WJPUXNL2YHQPQAUKHBIIH5ZKOUCQHDPR X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PATCH] avcodec/jpeg2000htdec: Check pLSB (PR #21271) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: michaelni via ffmpeg-devel Cc: michaelni Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21271 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21271 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21271.patch Fixes: negative shift and other undefined shifts Fixes: 462335934/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-4538493775970304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer >>From 466447b98980e328674719449ce7b7d1b225641a Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 22 Dec 2025 22:56:10 +0100 Subject: [PATCH] avcodec/jpeg2000htdec: Check pLSB Fixes: negative shift and other undefined shifts Fixes: 462335934/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-4538493775970304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/jpeg2000htdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/jpeg2000htdec.c b/libavcodec/jpeg2000htdec.c index 08140e06a9..54b37009c2 100644 --- a/libavcodec/jpeg2000htdec.c +++ b/libavcodec/jpeg2000htdec.c @@ -1263,6 +1263,11 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c cblk->zbp = S_blk - 1; pLSB = 30 - S_blk; + if (pLSB <= 1 || pLSB >= 31) { + avpriv_request_sample(s->avctx, "pLSB %d", pLSB); + return AVERROR_PATCHWELCOME; + } + Scup = (Dcup[Lcup - 1] << 4) + (Dcup[Lcup - 2] & 0x0F); if (Scup < 2 || Scup > Lcup || Scup > 4079) { -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org