On Fri, Aug 04, 2023 at 06:41:24PM -0700, Pierre-Anthony Lemieux wrote:
> On Tue, Aug 1, 2023 at 5:02 PM Michael Niedermayer
> <michael@niedermayer.cc> wrote:
> >
> > Code should make more sense now
> >
> > Fixes: out of array access
> > Fixes: 58299/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-6627570448465920
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/jpeg2000htdec.c | 13 +++----------
> >  1 file changed, 3 insertions(+), 10 deletions(-)
> >
> > diff --git a/libavcodec/jpeg2000htdec.c b/libavcodec/jpeg2000htdec.c
> > index 2b082b3b2f..3985783f3a 100644
> > --- a/libavcodec/jpeg2000htdec.c
> > +++ b/libavcodec/jpeg2000htdec.c
> > @@ -159,21 +159,14 @@ static int jpeg2000_bitbuf_refill_backwards(StateVars *buffer, const uint8_t *ar
> >       */
> >      position -= 4;
> 
> Can't we get rid of this line and the comment above, and instead
> replace `int32_t position = buffer->pos;` with `int32_t position =
> buffer->pos - 4;`?

yes


> 
> LGTM otherwise.

will apply with the suggested change

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is a danger to trust the dream we wish for rather than
the science we have, -- Dr. Kenneth Brown