[FFmpeg-devel] [PATCH 5/9] avcodec/cbs_h266_syntax_template: Check bit depth with range extension

Frank Plowman post at frankplowman.com
Fri Sep 20 20:05:46 EEST 2024


On 20/09/2024 01:54, James Almer wrote:
> On 9/19/2024 9:34 PM, Michael Niedermayer wrote:
>> On Thu, Sep 19, 2024 at 08:53:07PM -0300, James Almer wrote:
>>> On 9/19/2024 7:56 PM, Michael Niedermayer wrote:
>>>> Fixes: shift exponent 62 is too large for 32-bit type 'int'
>>>> Fixes:
>>>> 71020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-6444916325023744
>>>>
>>>> Found-by: continuous fuzzing process
>>>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>>>> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>>>> ---
>>>>    libavcodec/cbs_h266_syntax_template.c | 3 +++
>>>>    1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/libavcodec/cbs_h266_syntax_template.c
>>>> b/libavcodec/cbs_h266_syntax_template.c
>>>> index a8f5af04d02..1c111126563 100644
>>>> --- a/libavcodec/cbs_h266_syntax_template.c
>>>> +++ b/libavcodec/cbs_h266_syntax_template.c
>>>> @@ -1041,6 +1041,9 @@ static int
>>>> FUNC(sps_range_extension)(CodedBitstreamContext *ctx, RWContext *rw,
>>>>    {
>>>>        int err;
>>>> +    if (current->sps_bitdepth_minus8 < 10)
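Review bot: the threshold in the added condition in sps_range_extension is in the wrong units. The field sps_bitdepth_minus8 holds BitDepth minus 8, but 10 is a BitDepth value, so the test does not express a limit of 10 bits. Writing it as "current->sps_bitdepth_minus8 <= 10 - 8" keeps the offset explicit and also covers BitDepth equal to 10. A short comment naming the constraint being enforced would help, since the quoted hunk shows no reason for the constant.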
>>>
>>> sps_bitdepth_minus8 can only be between 0 and 8, so this is basically
>>> making it abort on any and every sample with SPS range extension.
>>
>> + if (current->sps_bitdepth_minus8 < 10 - 8)
> 
> Ok, this is different.
> 
>>
>> It's supposed to check this:
>> "When BitDepth is less
>>   than or equal to 10, the value of sps_range_extension_flag shall be
>> equal to 0."
> 
> Should be "<= (10 - 8)" then, and LGTM.
> 

LGTM, although nit: I think intent would be clearer and the code would
correspond better with the standard if the check was moved to the parent
function next to the flag itself.

-- 
Frank

