This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new ecd2919174 avcodec/mjpegdec: only test the size bound in sequential
mjpeg
ecd2919174 is described below
commit ecd29191747b4546cf2b5fbe84402e18163a3430
Author: Michael Niedermayer <[email protected]>
AuthorDate: Fri Dec 19 19:45:56 2025 +0100
Commit: michaelni <[email protected]>
CommitDate: Mon Dec 29 13:57:33 2025 +0000
avcodec/mjpegdec: only test the size bound in sequential mjpeg
The original fix was intended only for sequential mjpeg, but it was also
used for progressive
which broke. This commit fixes this regression
Fixes: issue21225
The testcase
6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904
still exits within 240ms
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavcodec/mjpegdec.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 4d7cdfde12..05150e982c 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -340,9 +340,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s)
if (av_image_check_size(width, height, 0, s->avctx) < 0)
return AVERROR_INVALIDDATA;
- // A valid frame requires at least 1 bit for DC + 1 bit for AC for each
8x8 block.
- if (s->buf_size && (width + 7) / 8 * ((height + 7) / 8) > s->buf_size *
4LL)
- return AVERROR_INVALIDDATA;
+ if (!s->progressive && !s->ls) {
+ // A valid frame requires at least 1 bit for DC + 1 bit for AC for
each 8x8 block.
+ if (s->buf_size && (width + 7) / 8 * ((height + 7) / 8) > s->buf_size
* 4LL)
+ return AVERROR_INVALIDDATA;
+ }
nb_components = get_bits(&s->gb, 8);
if (nb_components <= 0 ||
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
