github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-20 21:00:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/exr: check tile_attr.x/ySize

Browse Source 
Fixes: division by zero
Fixes: 473579863/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-5105281257504768

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-02-21 02:05:03 +01:00
parent fa2aec73ed
commit c5ccc13fe0
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/exr.c
View File

@@ -2247,6 +2247,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *picture,
out_line_size = avctx->width * s->desc->comp[0].step;
if (s->is_tile) {
if (s->tile_attr.ySize <= 0 || s->tile_attr.xSize <= 0)
return AVERROR_INVALIDDATA;
nb_blocks = ((s->xdelta + s->tile_attr.xSize - 1) / s->tile_attr.xSize) *
((s->ydelta + s->tile_attr.ySize - 1) / s->tile_attr.ySize);
} else { /* scanline */