avcodec/jpeg2000dec: Clear header derived variables
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 6 May 2026 00:33:01 +0000 (02:33 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Thu, 18 Jun 2026 18:30:55 +0000 (20:30 +0200)
Fixes: NULL pointer dereference

Found-by: Oguzhan Akkaya with AFL++ fuzzing (May 2026)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6631bbc5d47082a6212e3c82fce0215fce2dbac6)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/jpeg2000dec.c

index aebf43bc978a41d62d2339068b10eb0aed2b9794..a188132aa4e34d750f1773b1800c4e59dc633ea6 100644 (file)
@@ -2417,8 +2417,14 @@ static void jpeg2000_dec_cleanup(Jpeg2000DecoderContext *s)
     memset(s->qntsty, 0, sizeof(s->qntsty));
     memset(s->properties, 0, sizeof(s->properties));
     memset(&s->poc  , 0, sizeof(s->poc));
+    memset(s->roi_shift, 0, sizeof(s->roi_shift));
     s->numXtiles = s->numYtiles = 0;
     s->ncomponents = 0;
+    s->has_ppm = 0;
+    s->isHT = 0;
+    s->precision = 0;
+    s->colour_space = 0;
+    s->pal8 = 0;
 }
 
 static int jpeg2000_read_main_headers(Jpeg2000DecoderContext *s)
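Review bot: The reset list in jpeg2000_dec_cleanup() is maintained by hand and nothing in the visible lines says which fields belong on it, so a header-derived field added to Jpeg2000DecoderContext later can be missed the same way `roi_shift`, `has_ppm`, `isHT`, `precision`, `colour_space` and `pal8` were. A comment above the resets would record the invariant, for example `/* Every field set while parsing the main header must be reset here; stale values from a previous codestream must not reach the next parse. */`. The commit message names a NULL pointer dereference but not which of the six stale fields led to it; a short note beside that field's reset would help anyone backporting or auditing this. The function starts above the hunk, so this review cannot tell whether other header-derived fields are already cleared there.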