From patchwork Tue Jan 30 09:40:57 2024 X-Patchwork-Submitter: Frank Plowman X-Patchwork-Id: 45900
From: post@frankplowman.com To: ffmpeg-devel@ffmpeg.org Date: Tue, 30 Jan 2024 09:40:57 +0000 Message-ID: <20240130094057.62515-1-post@frankplowman.com> Subject: [FFmpeg-devel] [PATCH] lavc/vvc: Add check to num_multi_layer_olss From: Frank Plowman Check that vps_each_layer_is_an_ols_flag, which indicates that "at least one OLS specified by the VPS contains more than one layer," is set if num_multi_layer_olss is non-zero. Fixes: 65160/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4665241535119360 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Frank Plowman --- libavcodec/cbs_h266_syntax_template.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/cbs_h266_syntax_template.c b/libavcodec/cbs_h266_syntax_template.c index 2f3478e5e1..37dc3acba0 100644 --- a/libavcodec/cbs_h266_syntax_template.c +++ b/libavcodec/cbs_h266_syntax_template.c @@ -911,6 +911,8 @@ static int FUNC(vps) (CodedBitstreamContext *ctx, RWContext *rw, num_multi_layer_olss++; } } + if (!current->vps_each_layer_is_an_ols_flag && num_multi_layer_olss == 0) + return AVERROR_INVALIDDATA; } for (i = 0; i <= current->vps_num_ptls_minus1; i++) {
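Review bot: the added condition `!current->vps_each_layer_is_an_ols_flag && num_multi_layer_olss == 0` rejects a VPS whose flag is clear while no multi-layer OLS was counted, which does not match the commit message's wording ("is set if num_multi_layer_olss is non-zero"). Please reword the message or add a one-line comment above the `if` stating the invariant being enforced, so a later reader does not have to infer which direction is intended. The test also sits inside the enclosing block that closes on the following `}` context line; if that block can be skipped while the flag is 0, num_multi_layer_olss stays 0 without being rejected, so it is worth confirming the check does not belong after that closing brace. A short log message before `return AVERROR_INVALIDDATA;` would also make rejected streams easier to diagnose from fuzzer or field reports.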