To: ffmpeg-devel@ffmpeg.org
Date: Sat, 07 Feb 2026 23:05:27 -0000
Message-ID: <177050552811.25.3623408932856864681@4457048688e7>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PR] avcodec/jpeg2000htdec: Check Lcup and Lref (PR #21677)
From: michaelni via ffmpeg-devel
Cc: michaelni

PR #21677 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21677
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21677.patch

Fixes: use of uninitialized memory
Fixes: 482494999/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-6467586186608640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer

>>From ce998935e801f9dcee7cca4ed71bf856b2153524 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sat, 7 Feb 2026 22:55:11 +0100
Subject: [PATCH] avcodec/jpeg2000htdec: Check Lcup and Lref

Fixes: use of uninitialized memory
Fixes: 482494999/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_DEC_fuzzer-6467586186608640

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/jpeg2000htdec.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/libavcodec/jpeg2000htdec.c b/libavcodec/jpeg2000htdec.c index b92f0131a4..3f5ed1ce22 100644 --- a/libavcodec/jpeg2000htdec.c +++ b/libavcodec/jpeg2000htdec.c @@ -1254,6 +1254,9 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c "Cleanup pass length must be at least 2 bytes in length\n"); return AVERROR_INVALIDDATA; } + if (Lcup + Lref != cblk->length) + return AVERROR_INVALIDDATA; + Dcup = cblk->data; Dref = cblk->data + Lcup; // Dref comes after the refinement segment -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
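
Review bot: The added `if (Lcup + Lref != cblk->length)` check in ff_jpeg2000_decode_htj2k() returns AVERROR_INVALIDDATA without logging anything, while the check directly above it logs "Cleanup pass length must be at least 2 bytes in length" before returning the same error; a log line in the same style would let a user tell the two rejections apart. The commit message says only "use of uninitialized memory", so it would also help to state which direction of the mismatch the fuzzer case hits: `!=` rejects code blocks whose two segments sum to less than `cblk->length` as well as more, and if only the larger case leads to the bad read, a comment or a sentence in the message should say why the smaller case is invalid too. While here, the context comment on `Dref = cblk->data + Lcup;` says Dref comes "after the refinement segment", but the pointer is advanced by Lcup, so it appears to mean the cleanup segment.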