[FFmpeg-devel] [PATCH 6/8] avcodec/vvc/ctu: Check palette_escape_val
Nuo Mi
nuomi2021 at gmail.com
Sun Jun 22 05:25:04 EEST 2025
On Fri, Jun 20, 2025 at 8:40 AM Michael Niedermayer <michael at niedermayer.cc>
wrote:
> Fixes: integer overflow
> Fixes:
> 418314174/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-4871731867353088
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavcodec/vvc/ctu.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/vvc/ctu.c b/libavcodec/vvc/ctu.c
> index ba4c89b1d1b..7fa2b496389 100644
> --- a/libavcodec/vvc/ctu.c
> +++ b/libavcodec/vvc/ctu.c
> @@ -2053,6 +2053,8 @@ static int palette_subblock_data(VVCLocalContext *lc,
> const int v = PALETTE_INDEX(xc, yc);
> if (v == esc) {
> const int coeff = ff_vvc_palette_escape_val(lc);
>
A check for < 0 is needed.
> + if (coeff >= (1U << sps->bit_depth))
> + return AVERROR_INVALIDDATA;
const int pixel = av_clip_intp2(RSHIFT(coeff * scale,
> 6), sps->bit_depth);
> PALETTE_SET_PIXEL(xc, yc, pixel);
> } else {
> --
> 2.49.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
More information about the ffmpeg-devel
mailing list