Message ID | DB6PR0101MB221412B5A6A7107C45B316518F619@DB6PR0101MB2214.eurprd01.prod.exchangelabs.com |
---|---|
State | Accepted |
Commit | 5e7eaabb42071ac7890daeeba53badfc53845137 |
Headers | show |
Series | [FFmpeg-devel] avcodec/nvdec_hevc: Fix off-by-one error | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On 06.08.2022 08:01, Andreas Rheinhardt wrote: > Fixes Coverity issues #1442912, #1442913, #1442916 and #1442917. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> > --- > Given that hevc_ps.c checks these values, it is actually impossible > for this error to be triggered. > > libavcodec/nvdec_hevc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/nvdec_hevc.c b/libavcodec/nvdec_hevc.c > index 590278ba04..cd549d2ef6 100644 > --- a/libavcodec/nvdec_hevc.c > +++ b/libavcodec/nvdec_hevc.c > @@ -204,8 +204,8 @@ static int nvdec_hevc_start_frame(AVCodecContext *avctx, > ppc->row_height_minus1[i] = pps->row_height[i] - 1; > > #if NVDECAPI_CHECK_VERSION(9, 0) > - if (pps->chroma_qp_offset_list_len_minus1 > FF_ARRAY_ELEMS(ppc->cb_qp_offset_list) || > - pps->chroma_qp_offset_list_len_minus1 > FF_ARRAY_ELEMS(ppc->cr_qp_offset_list)) { > + if (pps->chroma_qp_offset_list_len_minus1 >= FF_ARRAY_ELEMS(ppc->cb_qp_offset_list) || > + pps->chroma_qp_offset_list_len_minus1 >= FF_ARRAY_ELEMS(ppc->cr_qp_offset_list)) { > av_log(avctx, AV_LOG_ERROR, "Too many chroma_qp_offsets\n"); > return AVERROR(ENOSYS); > } LGTM
diff --git a/libavcodec/nvdec_hevc.c b/libavcodec/nvdec_hevc.c index 590278ba04..cd549d2ef6 100644 --- a/libavcodec/nvdec_hevc.c +++ b/libavcodec/nvdec_hevc.c @@ -204,8 +204,8 @@ static int nvdec_hevc_start_frame(AVCodecContext *avctx, ppc->row_height_minus1[i] = pps->row_height[i] - 1; #if NVDECAPI_CHECK_VERSION(9, 0) - if (pps->chroma_qp_offset_list_len_minus1 > FF_ARRAY_ELEMS(ppc->cb_qp_offset_list) || - pps->chroma_qp_offset_list_len_minus1 > FF_ARRAY_ELEMS(ppc->cr_qp_offset_list)) { + if (pps->chroma_qp_offset_list_len_minus1 >= FF_ARRAY_ELEMS(ppc->cb_qp_offset_list) || + pps->chroma_qp_offset_list_len_minus1 >= FF_ARRAY_ELEMS(ppc->cr_qp_offset_list)) { av_log(avctx, AV_LOG_ERROR, "Too many chroma_qp_offsets\n"); return AVERROR(ENOSYS); }
Fixes Coverity issues #1442912, #1442913, #1442916 and #1442917. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> --- Given that hevc_ps.c checks these values, it is actually impossible for this error to be triggered. libavcodec/nvdec_hevc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)