[FFmpeg-devel] [PATCH 5/9] avcodec/cbs_h266_syntax_template: Check bit depth with range extension
Michael Niedermayer
michael at niedermayer.cc
Tue Sep 24 16:17:33 EEST 2024
On Fri, Sep 20, 2024 at 06:05:46PM +0100, Frank Plowman wrote:
> On 20/09/2024 01:54, James Almer wrote:
> > On 9/19/2024 9:34 PM, Michael Niedermayer wrote:
> >> On Thu, Sep 19, 2024 at 08:53:07PM -0300, James Almer wrote:
> >>> On 9/19/2024 7:56 PM, Michael Niedermayer wrote:
> >>>> Fixes: shift exponent 62 is too large for 32-bit type 'int'
> >>>> Fixes:
> >>>> 71020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-6444916325023744
> >>>>
> >>>> Found-by: continuous fuzzing process
> >>>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >>>> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> >>>> ---
> >>>> libavcodec/cbs_h266_syntax_template.c | 3 +++
> >>>> 1 file changed, 3 insertions(+)
> >>>>
> >>>> diff --git a/libavcodec/cbs_h266_syntax_template.c
> >>>> b/libavcodec/cbs_h266_syntax_template.c
> >>>> index a8f5af04d02..1c111126563 100644
> >>>> --- a/libavcodec/cbs_h266_syntax_template.c
> >>>> +++ b/libavcodec/cbs_h266_syntax_template.c
> >>>> @@ -1041,6 +1041,9 @@ static int
> >>>> FUNC(sps_range_extension)(CodedBitstreamContext *ctx, RWContext *rw,
> >>>> {
> >>>> int err;
> >>>> + if (current->sps_bitdepth_minus8 < 10)
> >>>
> >>> sps_bitdepth_minus8 can only be between 0 and 8, so this is basically
> >>> making
> >>> it abort on any and every sample with SPS range extension.
> >>
> >> + if (current->sps_bitdepth_minus8 < 10 - 8)
> >
> > Ok, this is different.
> >
> >>
> >> Its supposed to check this:
> >> "When BitDepth is less
> >> than or equal to 10, the value of sps_range_extension_flag shall be
> >> equal to 0."
> >
> > Should be "<= (10 - 8)" then, and LGTM.
will change
> >
>
> LGTM, although nit: I think intent would be clearer and the code would
> correspond better with the standard if the check was moved to the parent
> function next to the flag itself.
ok, will move it there
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
There will always be a question for which you do not know the correct answer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240924/103911fa/attachment.sig>
More information about the ffmpeg-devel
mailing list