[FFmpeg-devel] [PATCH] avcodec/cbs_h266_syntax_template: Check num_output_layers_in_ols

Nuo Mi nuomi2021 at gmail.com
Tue Sep 19 18:28:20 EEST 2023


On Tue, Sep 19, 2023 at 11:26 PM Nuo Mi <nuomi2021 at gmail.com> wrote:

> from the specification:
> For each OLS, there shall be at least one layer that is an output layer.
> In other words, for any value of i in the range of 0
> to TotalNumOlss − 1, inclusive, the value of NumOutputLayersInOls[ i ]
> shall be greater than or equal to 1
>
> Fixes: index 257 out of bounds for type 'uint8_t [257]'
> Fixes:
> 61160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-6709397181825024
>
replaces
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230905020358.32527-2-michael@niedermayer.cc/


>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavcodec/cbs_h266_syntax_template.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/cbs_h266_syntax_template.c
> b/libavcodec/cbs_h266_syntax_template.c
> index f0d428a478..2077aa63bf 100644
> --- a/libavcodec/cbs_h266_syntax_template.c
> +++ b/libavcodec/cbs_h266_syntax_template.c
> @@ -891,6 +891,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx,
> RWContext *rw,
>                      }
>                  }
>              }
> +            if (!num_output_layers_in_ols[i])
> +                return AVERROR_INVALIDDATA;
>          }
>          for (i = 1; i < total_num_olss; i++) {
>              int num_layers_in_ols = 0;
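Review bot: The added `if (!num_output_layers_in_ols[i])` check returns AVERROR_INVALIDDATA without logging anything, so a stream rejected here gives no hint which constraint failed. Consider an av_log() call at AV_LOG_ERROR on ctx->log_ctx that names the OLS index i, plus a one-line comment citing the spec rule that NumOutputLayersInOls[i] shall be greater than or equal to 1. The commit message reports the crash as index 257 into a 'uint8_t [257]' array, but the access that overflows is not in this hunk; a sentence in the message explaining how a zero output-layer count reaches that index would make the fix easier to verify.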
> --
> 2.25.1
>
>

