x/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-11 08:13:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/golomb: Fix get_ur_golomb_jpegls() with esclen = 0

Browse Source 
If there is no escape case then reaching that branch is an error

Fixes: shift exponent 32 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')
Fixes: 472335543/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-6682453243920384

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-03-02 18:41:13 +01:00
parent bdea5aec2d
commit fb3012269e
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavcodec/golomb.h
+2 -2
View File
@@ -455,7 +455,7 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
buf = get_bits_long(gb, k);
return buf + (i << k);
} else if (i == limit - 1) {
} else if (esc_len && i == limit - 1) {
buf = get_bits_long(gb, esc_len);
return buf + 1;
@@ -512,7 +512,7 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit,
}
buf += ((SUINT)i << k);
} else if (i == limit - 1) {
} else if (esc_len && i == limit - 1) {
buf = SHOW_UBITS(re, gb, esc_len);
LAST_SKIP_BITS(re, gb, esc_len);