PR #20879 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20879 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20879.patch
Fixes: out of array access Fixes: 418335931/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-6718455383654400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From f14110ac5d9d7deff51c5bdcdd38eace991fc199 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sun, 9 Nov 2025 16:39:45 +0100 Subject: [PATCH] avcodec/exr: Handle axmax like bxmin in 04d7a6d3db56ea1a93908ff2d3d312e3fc40a58c Fixes: out of array access Fixes: 418335931/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-6718455383654400 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/exr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index 536a55c5be..ca450a988e 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -1485,7 +1485,8 @@ static int decode_block(AVCodecContext *avctx, void *tdata, } // Zero out the end if xmax+1 is not w - memset(ptr_x, 0, axmax); + if (s->desc->flags & AV_PIX_FMT_FLAG_PLANAR || !c) + memset(ptr_x, 0, axmax); channel_buffer[c] += td->channel_line_size; } } -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
