This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 957f06d9d201dfe2683be817fbc1c7f14e51fe36 Author: Michael Niedermayer <[email protected]> AuthorDate: Fri Dec 19 19:45:56 2025 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 18:54:55 2026 +0200 avcodec/mjpegdec: only test the size bound in sequential mjpeg The original fix was intended only for sequential mjpeg, but it was also used for progressive which broke. This commit fixes this regression Fixes: issue21225 The testcase 6381/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEGLS_fuzzer-5665032743419904 still exits within 240ms Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ecd29191747b4546cf2b5fbe84402e18163a3430) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/mjpegdec.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index be7c64894c..4f79e87505 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -339,9 +339,11 @@ int ff_mjpeg_decode_sof(MJpegDecodeContext *s) if (av_image_check_size(width, height, 0, s->avctx) < 0) return AVERROR_INVALIDDATA; - // A valid frame requires at least 1 bit for DC + 1 bit for AC for each 8x8 block. - if (s->buf_size && (width + 7) / 8 * ((height + 7) / 8) > s->buf_size * 4LL) - return AVERROR_INVALIDDATA; + if (!s->progressive && !s->ls) { + // A valid frame requires at least 1 bit for DC + 1 bit for AC for each 8x8 block. + if (s->buf_size && (width + 7) / 8 * ((height + 7) / 8) > s->buf_size * 4LL) + return AVERROR_INVALIDDATA; + } nb_components = get_bits(&s->gb, 8); if (nb_components <= 0 || _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
