ffmpeg-4/ffmpeg-4-CVE-2025-22921.patch

From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Wed, 1 Jan 2025 23:58:39 -0300
Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it

Fixes NULL pointer dereferences.
Fixes ticket #11393.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavcodec/jpeg2000dec.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c
index e5e897a29f..b82d85d5ee 100644
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext *s, Jpeg2000Tile *tile,
                 }
             }
             av_freep(&cblk->lengthinc);
+            cblk->nb_lengthinc = 0;
         }
     }
     // Save state of stream
-- 
2.44.0
Add patches for 6 CVEs 2025-02-24 23:44:16 +08:00			`From 7f9c7f9849a2155224711f0ff57ecdac6e4bfb57 Mon Sep 17 00:00:00 2001`
			`From: James Almer <jamrial@gmail.com>`
			`Date: Wed, 1 Jan 2025 23:58:39 -0300`
			`Subject: [PATCH] avcodec/jpeg2000dec: clear array length when freeing it`

			`Fixes NULL pointer dereferences.`
			`Fixes ticket #11393.`

			`Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>`
			`Signed-off-by: James Almer <jamrial@gmail.com>`
			`---`
			`libavcodec/jpeg2000dec.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/libavcodec/jpeg2000dec.c b/libavcodec/jpeg2000dec.c`
			`index e5e897a29f..b82d85d5ee 100644`
			`--- a/libavcodec/jpeg2000dec.c`
			`+++ b/libavcodec/jpeg2000dec.c`
			`@@ -1521,6 +1521,7 @@ static int jpeg2000_decode_packet(Jpeg2000DecoderContext s, Jpeg2000Tile tile,`
			`}`
			`}`
			`av_freep(&cblk->lengthinc);`
			`+ cblk->nb_lengthinc = 0;`
			`}`
			`}`
			`// Save state of stream`
			`--`
			`2.44.0`