PR #21728 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21728
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21728.patch
Fixes: memleak Fixes: 477993717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_DEC_fuzzer-4515108431921152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 1ae4a50332495b42175eff89858c74635858dae3 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Tue, 10 Feb 2026 21:00:15 +0100 Subject: [PATCH] avcodec/mjpegdec: Check for multiple exif Fixes: memleak Fixes: 477993717/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AMV_DEC_fuzzer-4515108431921152 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/mjpegdec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c index 8486082861..eb8678e466 100644 --- a/libavcodec/mjpegdec.c +++ b/libavcodec/mjpegdec.c @@ -2058,6 +2058,11 @@ static int mjpeg_decode_app(MJpegDecodeContext *s, int start_code) bytestream2_skipu(&s->gB, 2); // skip padding len -= 2; + if (s->exif_metadata.entries) { + av_log(s->avctx, AV_LOG_WARNING, "multiple EXIF\n"); + goto out; + } + ret = av_exif_parse_buffer(s->avctx, s->gB.buffer, len, &s->exif_metadata, AV_EXIF_TIFF_HEADER); if (ret < 0) { av_log(s->avctx, AV_LOG_WARNING, "unable to parse EXIF buffer\n"); -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
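Review bot: In the mjpeg_decode_app() hunk, the new guard in front of av_exif_parse_buffer() treats a non-NULL `s->exif_metadata.entries` as the only sign that EXIF was already parsed, and it resolves the duplicate by keeping the first block and dropping the later one, yet neither choice is documented. A one-line comment above the `if` (and a sentence in the commit message) stating that a second parse into the same `s->exif_metadata` would overwrite and leak the earlier entries, and that the first segment wins by design, would make the intent reviewable. Two things are worth confirming, since the visible lines do not show them: that a successful parse always leaves `entries` non-NULL (a block that parses to zero entries would otherwise pass the guard), and that `s->exif_metadata` is released between frames, because otherwise the guard would reject the EXIF segment of every frame after the first. The log text "multiple EXIF\n" could also say what happens, for example "multiple EXIF segments, ignoring all but the first\n", so a user reading the warning knows the later data was discarded.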
