avcodec/cbs_jpeg: Fix uninitialized end index in cbs_jpeg_split_fragment()

Fixes: Out of array read Fixes: 24043/clusterfuzz-testcase-minimized-ffmpeg_BSF_TRACE_HEADERS_fuzzer-5084566275751936.fuzz Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 4a10bc8f6f5d600c44ecb9b43cd9abf13bf3bfae) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2020-07-10 20:37:57 +0300
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-07-11 01:25:33 +0300
commit: 832652a9d10e3e19d04aad424efe1e1754a11306 (patch)
tree: 81a0f6996e47ce9c43c38a5691189c3d7f911851 /libavcodec
parent: 9ee65bf88d6a4ec9587ce119aeae148a190d9838 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c
index 6959ecee7f..471d77074f 100644
--- a/libavcodec/cbs_jpeg.c
+++ b/libavcodec/cbs_jpeg.c
@@ -149,6 +149,7 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx,
             break;
         } else if (marker == JPEG_MARKER_SOS) {
             next_marker = -1;
+            end = start;
             for (i = start; i + 1 < frag->data_size; i++) {
                 if (frag->data[i] != 0xff)
                     continue;
author	Michael Niedermayer <michael@niedermayer.cc>	2020-07-10 20:37:57 +0300
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-07-11 01:25:33 +0300
commit	832652a9d10e3e19d04aad424efe1e1754a11306 (patch)
tree	81a0f6996e47ce9c43c38a5691189c3d7f911851 /libavcodec
parent	9ee65bf88d6a4ec9587ce119aeae148a190d9838 (diff)