From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 8ECA74EA4D
	for <ffmpegdev@gitmailbox.com>; Wed, 11 Feb 2026 00:03:17 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'IYvaeKZ/nJIJHxTH8wJG0c1vrFY34uFsZ7WfC7DPyoo=', expected 
   b'RcbcpTxFKzT5ZjkroOI6WN2eLWRmizpftecLZZHZuI4=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770768166; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=IYvaeKZ/nJIJHxTH8wJG0c1vrFY34uFsZ7WfC7DPyoo=;
 b=48EPb2LHrcueS4yjNDjVewHmNcxRw4SdzjXkrP3PSvXbyQlrVze9uabT638gf8VR6IcbN
 EScGddVfCKkixivoir/8FB396ZnNEzFEZxoTLJAdY4n6jdITmTPYdjt3j7rFVLYFHX7kC4w
 Z8qXLNgfE95BqKs3U+Crk4TlnVuoLDIveotuv1QNBuzk0HmE7Tzw1Tu9xrnhClWZHl3aLIl
 cFOCOL/w7h2qazsfXC6RVKNbIr4iAzkgLlvsLMSXTTCqs/vbNYnZzy9wVDlMCzq/C2fFI2y
 4Ik4uuO3T6+W1Yh1Mid/6yAzXZu9i/BpSgZ5UCezBvC2KAJG4BiGYEqIstmQ==
Received: from [172.20.0.3] (unknown [172.20.0.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 8332669172E;
	Wed, 11 Feb 2026 02:02:46 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1770768159;
 b=saHSHAAE4Pfcs8w4an6YX3d/1RHa3Wq1E3ADmzfvdgHtOzAPjaqfviOzQQNYBIcqx0S6i
 eQevgb0cCM5SbvH6v7IZak2HzUy1g/bucwWJXSmN9a0gFYJQNE0smcLmmyFm+5OgHqz/rRU
 bzsnB29MjmBS8hVn2+CTydaZhTrHDCmFoHT5sIau3sifuhVpToQttVbE8vO9lFJDHMKREpg
 4CZkIbVayf1ld2A3GKA7UCt8sXbxirT+vVkED6F6C/LGmglV6xpm1zlDns4DCXfEL6EfJaI
 JgAs9Ali6x71wDzfM2lkd13H6b2atI7g8YIfjzGArBkzxb4g1B9zRLc5G+UQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1770768159; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=4fxN6adrZVg5WPWzVY7OtC95NDY+i4Dev30sEh/eWH8=;
 b=g0I0CGte60F5/0PdvQjIrH4QKZeRizn01adiMKOnnw9oRKOlpURX/hDxT0hBUWLG0dcbo
 1VuHTUOjk78E1ZHBVfi6MNBlVCU3n7mP2SktfZI0RH9iar4mS/7P1w6loaP/HtTdFDgjPJ9
 LU+JU0v6IixYuXtEr8DdToSevpJLP3vtpISxSeTUlIAwMU8bG2sNC5AkUtfo5WCYufutqE3
 1bPf73DSJ3KjP/tzmChor/Vb+sjMqLoRTGVW5uz7Dd4ou9PKMWJriggNdEB3HzR46FJFkBm
 TK/nH2QhTG3ZYGIYTOLRVYTMLhTCq0jB/hllv5vTKlVRGc1z2VyVbu1AoM1Q==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770768141; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=RcbcpTxFKzT5ZjkroOI6WN2eLWRmizpftecLZZHZuI4=;
 b=2oMkyFLDbP0kk4WsqJS1dQnKPbes+VfnaSgiFdAlKizctZlr0URrLd3wlMc3+lOmMMDOH
 xwTNxMS8yfLRaLtHEo6AQUgWXnxPrkwkZ3iptI5zfN1w8lLFPtV3urozuOIRT4WmrcC8N01
 SZu7nW1HfdJUFrHjVezlq7eOhajEp5SxBQNKcgEDXx7p258kpEYkgm+mByhccEav7nz6aCk
 kt4q2JBIzUs/q1OIkzpGAh60QQ2By2Xwa3yEYpZV++do14A4tXnTj17Uq9oQyUArHHmmqEZ
 uTloO5AvpTsTfMo8pJA76dOUzZtHgeT/szFG7T6zmibszkHdBy51Jvjgtn3A==
Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id B63FB691748
	for <ffmpeg-devel@ffmpeg.org>; Wed, 11 Feb 2026 02:02:21 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 11 Feb 2026 00:02:20 -0000
Message-ID: <177076814196.25.143421582620933573@009cbcb3d8cd>
Message-ID-Hash: VIK4IPCSOZ4PVYE6O4JGHA32SYAK2UNE
X-Message-ID-Hash: VIK4IPCSOZ4PVYE6O4JGHA32SYAK2UNE
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avcodec/mjpegdec: Check for multiple exif (PR #21728)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/VIK4IPCSOZ4PVYE6O4JGHA32SYAK2UNE/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/177076814196.25.143421582620933573@009cbcb3d8cd/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: michaelni <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/177076814196.25.143421582620933573@009cbcb3d8cd/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #21728 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21728
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21728.patch

Fixes: memleak
Fixes: 477993717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_DEC_fuzzer-4515108431921152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>


>>From 1ae4a50332495b42175eff89858c74635858dae3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Tue, 10 Feb 2026 21:00:15 +0100
Subject: [PATCH] avcodec/mjpegdec: Check for multiple exif

Fixes: memleak
Fixes: 477993717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_DEC_fuzzer-4515108431921152

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/mjpegdec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 8486082861..eb8678e466 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -2058,6 +2058,11 @@ static int mjpeg_decode_app(MJpegDecodeContext *s, int start_code)
         bytestream2_skipu(&s->gB, 2); // skip padding
         len -= 2;
 
+        if (s->exif_metadata.entries) {
+            av_log(s->avctx, AV_LOG_WARNING, "multiple EXIF\n");
+            goto out;
+        }
+
         ret = av_exif_parse_buffer(s->avctx, s->gB.buffer, len, &s->exif_metadata, AV_EXIF_TIFF_HEADER);
         if (ret < 0) {
             av_log(s->avctx, AV_LOG_WARNING, "unable to parse EXIF buffer\n");
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org