eessppeelllloo/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-12-13 18:40:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/exr: Avoid signed overflow in displayWindow

Browse Source 
The inputs are unused except for this computation so wraparound
does not give an attacker any extra values as they are already fully
controlled

Fixes: signed integer overflow: 0 - -2147483648 cannot be represented in type 'int'
Fixes: 45820/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_fuzzer-5766159019933696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 1291568c98)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2022-03-21 21:03:13 +01:00
parent 977cfb7197
commit 15006f48cd
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/exr.c
View File

@@ -1829,8 +1829,8 @@ static int decode_header(EXRContext *s, AVFrame *frame)
dx = bytestream2_get_le32(gb); dx = bytestream2_get_le32(gb);
dy = bytestream2_get_le32(gb); dy = bytestream2_get_le32(gb);
s->w = dx - sx + 1; s->w = (unsigned)dx - sx + 1;
s->h = dy - sy + 1; s->h = (unsigned)dy - sy + 1;
continue; continue;
} else if ((var_size = check_header_variable(s, "lineOrder", } else if ((var_size = check_header_variable(s, "lineOrder",