Message ID | 20240401205607.9093-5-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | d58037c18e540b824af49baf3e384f59176b7869 |
Series | [FFmpeg-devel,1/6] avformat/isom: Uninit layout in ff_mp4_read_dec_config_descr() |

Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On 4/1/2024 5:56 PM, Michael Niedermayer wrote: > Fixes: null pointer dereference > Fixes: 67737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4858162608930816 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/hevc_ps.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > index 38b3721a6d5..25f087ed754 100644 > --- a/libavcodec/hevc_ps.c > +++ b/libavcodec/hevc_ps.c > @@ -460,7 +460,7 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, > int ret = AVERROR_INVALIDDATA; > HEVCVPS *vps; > > - if (ps->pps_list[vps_id]) { > + if (ps->vps_list[vps_id]) { > const HEVCVPS *vps1 = ps->vps_list[vps_id]; > if (vps1->data_size == nal_size && > !memcmp(vps1->data, gb->buffer, vps1->data_size)) LGTM.
On Tue, Apr 02, 2024 at 09:12:09AM -0300, James Almer wrote: > On 4/1/2024 5:56 PM, Michael Niedermayer wrote: > > Fixes: null pointer dereference > > Fixes: 67737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4858162608930816 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/hevc_ps.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c > > index 38b3721a6d5..25f087ed754 100644 > > --- a/libavcodec/hevc_ps.c > > +++ b/libavcodec/hevc_ps.c > > @@ -460,7 +460,7 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, > > int ret = AVERROR_INVALIDDATA; > > HEVCVPS *vps; > > - if (ps->pps_list[vps_id]) { > > + if (ps->vps_list[vps_id]) { > > const HEVCVPS *vps1 = ps->vps_list[vps_id]; > > if (vps1->data_size == nal_size && > > !memcmp(vps1->data, gb->buffer, vps1->data_size)) > > LGTM. will apply thx [...]
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 38b3721a6d5..25f087ed754 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -460,7 +460,7 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx, int ret = AVERROR_INVALIDDATA; HEVCVPS *vps; - if (ps->pps_list[vps_id]) { + if (ps->vps_list[vps_id]) { const HEVCVPS *vps1 = ps->vps_list[vps_id]; if (vps1->data_size == nal_size && !memcmp(vps1->data, gb->buffer, vps1->data_size))
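Review bot: In the `@@ -460,7 +460,7 @@` hunk of ff_hevc_decode_nal_vps(), the guard and the dereference still reach the same slot through two separate expressions (`if (ps->vps_list[vps_id])` followed by `const HEVCVPS *vps1 = ps->vps_list[vps_id];`), which is the shape that let the guard name `pps_list` while `vps1->data_size` read from `vps_list`. Consider loading the pointer once before the test and checking `vps1` itself, so the check and the use cannot refer to different lists again. The commit message would also be easier to audit later if it stated that the existence check indexed `pps_list` with `vps_id`, rather than only "null pointer dereference".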
Fixes: null pointer dereference Fixes: 67737/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4858162608930816 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/hevc_ps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)