PR #22243 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22243 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22243.patch
Fixes: division by zero Fixes: 473579863/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-5105281257504768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 9c1dde6c4af3fe22dc1d340f58706f3c016275f1 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sat, 21 Feb 2026 02:05:03 +0100 Subject: [PATCH] avcodec/exr: check tile_attr.ySize Fixes: division by zero Fixes: 473579863/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_EXR_DEC_fuzzer-5105281257504768 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/exr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/exr.c b/libavcodec/exr.c index ebcf84722d..0808efbdb3 100644 --- a/libavcodec/exr.c +++ b/libavcodec/exr.c @@ -2247,6 +2247,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *picture, out_line_size = avctx->width * s->desc->comp[0].step; if (s->is_tile) { + if (s->tile_attr.ySize <= 0) + return AVERROR_INVALIDDATA; nb_blocks = ((s->xdelta + s->tile_attr.xSize - 1) / s->tile_attr.xSize) * ((s->ydelta + s->tile_attr.ySize - 1) / s->tile_attr.ySize); } else { /* scanline */ -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
