[FFmpeg-cvslog] avformat/mxfdec: Check component_depth in mxf_get_color_range()

Wed, 06 Apr 2022 11:32:55 -0700 

ffmpeg | branch: release/4.4 | Michael Niedermayer <[email protected]> | 
Sat Dec  4 22:32:57 2021 +0100| [8720b1b4801c4b09c1669ffef591be3af7683f9e] | 
committer: Michael Niedermayer

avformat/mxfdec: Check component_depth in mxf_get_color_range()

Fixes: shift exponent 4294967163 is too large for 32-bit type 'int'
Fixes: 
41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-6183636217495552

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Tomas Härdin <[email protected]>
Signed-off-by: Michael Niedermayer <[email protected]>
(cherry picked from commit a4af92d7cb044424d31a99fc2f8a091f882036a5)
Signed-off-by: Michael Niedermayer <[email protected]>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8720b1b4801c4b09c1669ffef591be3af7683f9e
---

 libavformat/mxfdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 50174fcd5f..b8f83541c6 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -2253,12 +2253,12 @@ static enum AVColorRange mxf_get_color_range(MXFContext 
*mxf, MXFDescriptor *des
         /* CDCI range metadata */
         if (!descriptor->component_depth)
             return AVCOL_RANGE_UNSPECIFIED;
-        if (descriptor->black_ref_level == 0 &&
+        if (descriptor->black_ref_level == 0 && descriptor->component_depth < 
31 &&
             descriptor->white_ref_level == ((1<<descriptor->component_depth) - 
1) &&
             (descriptor->color_range    == (1<<descriptor->component_depth) ||
              descriptor->color_range    == ((1<<descriptor->component_depth) - 
1)))
             return AVCOL_RANGE_JPEG;
-        if (descriptor->component_depth >= 8 &&
+        if (descriptor->component_depth >= 8 && descriptor->component_depth < 
31 &&
             descriptor->black_ref_level == (1  <<(descriptor->component_depth 
- 4)) &&
             descriptor->white_ref_level == (235<<(descriptor->component_depth 
- 8)) &&
             descriptor->color_range     == ((14<<(descriptor->component_depth 
- 4)) + 1))

_______________________________________________
ffmpeg-cvslog mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".

Reply via email to