diff mbox

[FFmpeg-devel,3/4] avcodec/h264_mc_template: Only prefetch motion if the list is used.

Message ID 20180608221130.12644-3-michael@niedermayer.cc
State Accepted
Commit 8b55591757244d8244a2be369c2b54c9ae79b02a
Headers show

Commit Message

Michael Niedermayer June 8, 2018, 10:11 p.m. UTC
Fixes: index 59 out of bounds for type 'H264Ref [48]'
Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/h264_mc_template.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Michael Niedermayer June 10, 2018, 5:11 p.m. UTC | #1
On Sat, Jun 09, 2018 at 12:11:29AM +0200, Michael Niedermayer wrote:
> Fixes: index 59 out of bounds for type 'H264Ref [48]'
> Fixes: 8232/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5703295145345024
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/h264_mc_template.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

will apply

[...]
diff mbox

Patch

diff --git a/libavcodec/h264_mc_template.c b/libavcodec/h264_mc_template.c
index 58c05044c1..d02e2bf580 100644
--- a/libavcodec/h264_mc_template.c
+++ b/libavcodec/h264_mc_template.c
@@ -78,7 +78,8 @@  static void MCFUNC(hl_motion)(const H264Context *h, H264SliceContext *sl,
 
     if (HAVE_THREADS && (h->avctx->active_thread_type & FF_THREAD_FRAME))
         await_references(h, sl);
-    prefetch_motion(h, sl, 0, PIXEL_SHIFT, CHROMA_IDC);
+    if (USES_LIST(mb_type, 0))
+        prefetch_motion(h, sl, 0, PIXEL_SHIFT, CHROMA_IDC);
 
     if (IS_16X16(mb_type)) {
         mc_part(h, sl, 0, 1, 16, 0, dest_y, dest_cb, dest_cr, 0, 0,