[FFmpeg-devel,5/5] avcodec/h266_metadata_bsf: Check if there are CodedBitstreamFragment units

Message ID 20230723180303.8000-5-michael@niedermayer.cc
State Accepted
Commit c5c719f030a209cc404754f928972a6c1a24dfef
Series [FFmpeg-devel,1/5] avcodec/vmixdec: Check for end of input in decode_dcac()

Checks

Context Check Description
andriy/configure_x86 warning Failed to apply patch
yinshiyou/configure_loongarch64 warning Failed to apply patch

Commit Message

Michael Niedermayer July 23, 2023, 6:03 p.m. UTC
Fixes: NULL pointer dereference
Fixes: 60269/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-5215449416335360

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/h266_metadata_bsf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

James Almer July 23, 2023, 6:07 p.m. UTC | #1
On 7/23/2023 3:03 PM, Michael Niedermayer wrote:
> Fixes: NULL pointer dereference
> Fixes: 60269/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-5215449416335360
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavcodec/h266_metadata_bsf.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/h266_metadata_bsf.c b/libavcodec/h266_metadata_bsf.c
> index c0dbf8ef96..1f0f875cfe 100644
> --- a/libavcodec/h266_metadata_bsf.c
> +++ b/libavcodec/h266_metadata_bsf.c
> @@ -43,7 +43,7 @@ static int h266_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
>       int err, i;
>   
>       // If an AUD is present, it must be the first NAL unit.
> -    if (pu->units[0].type == VVC_AUD_NUT) {
> +    if (pu->nb_units && pu->units[0].type == VVC_AUD_NUT) {
>           if (ctx->aud == BSF_ELEMENT_REMOVE)
>               ff_cbs_delete_unit(pu, 0);
>       } else if ( pkt && ctx->aud == BSF_ELEMENT_INSERT) {
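Review bot: the comment above the changed condition still reads only "If an AUD is present, it must be the first NAL unit", so nothing next to the new `pu->nb_units` test explains why it is there. A short addition saying that the fragment can contain no units (the fuzzer case named in the commit message) and that `units` must not be indexed in that case would keep the guard from being dropped in a later cleanup. The commit message could also say what kind of input leaves the fragment empty.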

Should be ok.

Michael Niedermayer July 23, 2023, 6:08 p.m. UTC | #2
On Sun, Jul 23, 2023 at 03:07:32PM -0300, James Almer wrote:
> On 7/23/2023 3:03 PM, Michael Niedermayer wrote:
> > Fixes: NULL pointer dereference
> > Fixes: 60269/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-5215449416335360
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >   libavcodec/h266_metadata_bsf.c | 2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavcodec/h266_metadata_bsf.c b/libavcodec/h266_metadata_bsf.c
> > index c0dbf8ef96..1f0f875cfe 100644
> > --- a/libavcodec/h266_metadata_bsf.c
> > +++ b/libavcodec/h266_metadata_bsf.c
> > @@ -43,7 +43,7 @@ static int h266_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
> >       int err, i;
> >       // If an AUD is present, it must be the first NAL unit.
> > -    if (pu->units[0].type == VVC_AUD_NUT) {
> > +    if (pu->nb_units && pu->units[0].type == VVC_AUD_NUT) {
> >           if (ctx->aud == BSF_ELEMENT_REMOVE)
> >               ff_cbs_delete_unit(pu, 0);
> >       } else if ( pkt && ctx->aud == BSF_ELEMENT_INSERT) {
> 
> Should be ok.

will apply

thx

[...]

Patch

diff --git a/libavcodec/h266_metadata_bsf.c b/libavcodec/h266_metadata_bsf.c
index c0dbf8ef96..1f0f875cfe 100644
--- a/libavcodec/h266_metadata_bsf.c
+++ b/libavcodec/h266_metadata_bsf.c
@@ -43,7 +43,7 @@  static int h266_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
     int err, i;
 
     // If an AUD is present, it must be the first NAL unit.
-    if (pu->units[0].type == VVC_AUD_NUT) {
+    if (pu->nb_units && pu->units[0].type == VVC_AUD_NUT) {
         if (ctx->aud == BSF_ELEMENT_REMOVE)
             ff_cbs_delete_unit(pu, 0);
     } else if ( pkt && ctx->aud == BSF_ELEMENT_INSERT) {
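Review bot: with `pu->nb_units &&` added to the first condition, an empty fragment no longer enters that branch but falls through to `else if ( pkt && ctx->aud == BSF_ELEMENT_INSERT)`, so when AUD insertion is requested the insert path is reached with zero units. It is worth confirming that this path, and whatever the function later does with the loop index `i`, does not assume `units[0]` exists. If an empty fragment has nothing to update, a single early check on `pu->nb_units` at the top of the function would cover every later access and make the intent explicit, rather than guarding only this one dereference.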