Message ID | 20220815175927.8743-2-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 3b51e1992289383aa9f083c88e153e34b6412c89 |
Series | [FFmpeg-devel,1/4] avcodec/mpegaudiodec_template: use unsigned shift in handle_crc() |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c index f1be8af2cd..477d6d9d36 100644 --- a/libavcodec/hevcdec.c +++ b/libavcodec/hevcdec.c @@ -3498,7 +3498,7 @@ static int hevc_decode_frame(AVCodecContext *avctx, AVFrame *rframe, } } else { /* verify the SEI checksum */ - if (avctx->err_recognition & AV_EF_CRCCHECK && s->is_decoded && + if (avctx->err_recognition & AV_EF_CRCCHECK && s->ref && s->is_decoded && s->sei.picture_hash.is_md5) { ret = verify_md5(s, s->ref->frame); if (ret < 0 && avctx->err_recognition & AV_EF_EXPLODE) {
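Review bot: in the SEI checksum condition of hevc_decode_frame(), the added `s->ref` test means MD5 verification is skipped silently whenever `s->is_decoded` is set but `s->ref` is NULL, even though the caller asked for AV_EF_CRCCHECK. The test does protect the `s->ref->frame` dereference passed to `verify_md5()`, but it leaves the two pieces of state free to disagree. Consider a short comment on the condition saying when `s->ref` can be NULL at this point, and check whether `is_decoded` can be cleared wherever the reference is dropped, so that one check is enough and the redundancy mentioned in the commit message goes away.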
This is somewhat redundant with the is_decoded check. Maybe there is a nicer solution

Fixes: Null pointer dereference
Fixes: 49584/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5297367351427072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/hevcdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)