[FFmpeg-devel] [PATCH 3/4] avformat/mxfdec: Check component_depth in mxf_get_color_range()
Michael Niedermayer
michael at niedermayer.cc
Thu Dec 9 14:19:39 EET 2021
On Wed, Dec 08, 2021 at 12:38:56AM +0100, Tomas Härdin wrote:
> lör 2021-12-04 klockan 22:32 +0100 skrev Michael Niedermayer:
> > Fixes: shift exponent 4294967163 is too large for 32-bit type 'int'
> > Fixes: 41449/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-
> > 6183636217495552
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/mxfdec.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index af9d33f7969..c231c944c01 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -2274,12 +2274,12 @@ static enum AVColorRange
> > mxf_get_color_range(MXFContext *mxf, MXFDescriptor *des
> > /* CDCI range metadata */
> > if (!descriptor->component_depth)
> > return AVCOL_RANGE_UNSPECIFIED;
> > - if (descriptor->black_ref_level == 0 &&
> > + if (descriptor->black_ref_level == 0 && descriptor-
> > >component_depth < 31 &&
> > descriptor->white_ref_level == ((1<<descriptor-
> > >component_depth) - 1) &&
> > (descriptor->color_range == (1<<descriptor-
> > >component_depth) ||
> > descriptor->color_range == ((1<<descriptor-
> > >component_depth) - 1)))
> > return AVCOL_RANGE_JPEG;
> > - if (descriptor->component_depth >= 8 &&
> > + if (descriptor->component_depth >= 8 && descriptor-
> > >component_depth < 31 &&
> > descriptor->black_ref_level == (1 <<(descriptor-
> > >component_depth - 4)) &&
> > descriptor->white_ref_level == (235<<(descriptor-
> > >component_depth - 8)) &&
> > descriptor->color_range == ((14<<(descriptor-
> > >component_depth - 4)) + 1))
>
> Looks OK
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20211209/6d72b9a0/attachment.sig>
More information about the ffmpeg-devel
mailing list