From 50b3fa8dbe9758cceef6585a67e2cf805a01e3dd Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 19 Sep 2025 00:18:30 +0200
Subject: [PATCH] avcodec/exr: Check that DWA has 3 channels
The implementation hardcodes access to 3 channels, so we need to check that
Fixes: out of array access
Fixes: BIGSLEEP-445394503-crash.exr
Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer
(cherry picked from commit 7896cc67c13037abba8941e39a74c56d26b775a7)
Signed-off-by: Michael Niedermayer
---
 libavcodec/exr.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index a00d27b576..e06041c7c0 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -999,6 +999,11 @@ static int dwa_uncompress(const EXRContext *s, const uint8_t *src, int compresse
 if (version != 2)
 return AVERROR_INVALIDDATA;
 
+ if (s->nb_channels < 3) {
+ avpriv_request_sample(s->avctx, "Gray DWA");
+ return AVERROR_PATCHWELCOME;
+ }
+
 lo_usize = AV_RL64(src + 8);
 lo_size = AV_RL64(src + 16);
 ac_size = AV_RL64(src + 24);
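Review bot: The sample-request text `"Gray DWA"` is narrower than the condition `s->nb_channels < 3`, which also rejects two-channel files and a count of zero, so the log line will mislead whoever triages a rejected file. I would word it as `avpriv_request_sample(s->avctx, "DWA with fewer than 3 channels");` and state the reason for the threshold at the check, e.g. `/* the DWA path below reads three channels unconditionally; fewer would index out of bounds */`. The guard only bounds the channel count; whether the three channels the decoder reads have the type and order it expects is not visible in this hunk and is worth confirming against the out-of-array report. dwa_uncompress starts and ends outside the hunk.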