This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 000c69ae30fd1d4ae10afec878d1480795c6865e Author: Michael Niedermayer <[email protected]> AuthorDate: Sun Feb 15 23:57:49 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Tue May 5 18:55:03 2026 +0200 avcodec/golomb: Fix get_ur_golomb_jpegls() with esclen = 0 If there is no escape case then reaching that branch is an error Fixes: shift exponent 32 is too large for 32-bit type 'uint32_t' (aka 'unsigned int') Fixes: 472335543/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DST_fuzzer-6682453243920384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit fb3012269e3d768e17f6fc1ebec984648e62910a) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/golomb.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/golomb.h b/libavcodec/golomb.h index defee7139b..9489ce6fb9 100644 --- a/libavcodec/golomb.h +++ b/libavcodec/golomb.h @@ -457,7 +457,7 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit, buf = get_bits_long(gb, k); return buf + (i << k); - } else if (i == limit - 1) { + } else if (esc_len && i == limit - 1) { buf = get_bits_long(gb, esc_len); return buf + 1; @@ -514,7 +514,7 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit, } buf += ((SUINT)i << k); - } else if (i == limit - 1) { + } else if (esc_len && i == limit - 1) { buf = SHOW_UBITS(re, gb, esc_len); LAST_SKIP_BITS(re, gb, esc_len); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
