PR #21245 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21245
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21245.patch
Fixes: issue21225 The testcase 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904 still exits within 240ms Signed-off-by: Michael Niedermayer <[email protected]> Fixes: https://code.ffmpeg.org/FFmpeg/FFmpeg/issues/21225 From 9c0c21a8acaaf45a4598329395436105695b9803 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Fri, 19 Dec 2025 19:45:56 +0100 Subject: [PATCH] avcodec/mjpegdec: Size bound is for sequential mjpeg Fixes: issue21225 The testcase 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904 still exits within 240ms Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/mjpegdec.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 4d7cdfde12..05150e982c 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -340,9 +340,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) if (av_image_check_size(width, height, 0, s->avctx) < 0) return AVERROR_INVALIDDATA; - // A valid frame requires at least 1 bit for DC + 1 bit for AC for each 8x8 block. - if (s->buf_size && (width + 7) / 8 * ((height + 7) / 8) > s->buf_size * 4LL) - return AVERROR_INVALIDDATA; + if (!s->progressive && !s->ls) { + // A valid frame requires at least 1 bit for DC + 1 bit for AC for each 8x8 block. + if (s->buf_size && (width + 7) / 8 * ((height + 7) / 8) > s->buf_size * 4LL) + return AVERROR_INVALIDDATA; + } nb_components = get_bits(&s->gb, 8); if (nb_components <= 0 || -- 2.49.1
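
Review bot: the new guard "if (!s->progressive && !s->ls)" in ff_mjpeg_decode_sof() carries no comment explaining why those two modes are exempt; the retained comment only justifies the bound for frames where every 8x8 block costs at least one DC and one AC bit. Please state the reason next to the guard, in line with the subject's "Size bound is for sequential mjpeg", and consider folding the guard and the size test into a single condition instead of nesting them. Two things to confirm before merging: that s->progressive and s->ls already describe the current frame at this point in the function and are not left over from an earlier one, and that skipping the check is acceptable from a resource standpoint, since for progressive and LS input the only dimension gate left in these lines is av_image_check_size() and the commit message reports timing for a single testcase.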
