mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avcodec/utils: apply the same alignment to YUV410 as we do to YUV420 for snow

The snow encoder uses block based motion estimation which can read out of array if
insufficient alignment is used

It may be better to only apply this for the encoder, as it would save a few bytes of memory
for the decoder. Until then, this fixes the issue in a simple way.

Fixes: out of array access
Fixes: 68963/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-4979988435632128
Fixes: 68969/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-6239933667803136.fuzz
Fixed: 70497/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5751882631413760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 58fbeb59e7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Michael Niedermayer 2024-06-17 13:31:02 +02:00
parent a937b3c58b
commit 999c1619f9
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64


@ -255,6 +255,9 @@ void avcodec_align_dimensions2(AVCodecContext *s, int *width, int *height,
if (s->codec_id == AV_CODEC_ID_SVQ1) { if (s->codec_id == AV_CODEC_ID_SVQ1) {
w_align = 64; w_align = 64;
h_align = 64; h_align = 64;
} else if (s->codec_id == AV_CODEC_ID_SNOW) {
w_align = 16;
h_align = 16;
} }
break; break;
case AV_PIX_FMT_RGB555: case AV_PIX_FMT_RGB555:
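
Review bot: The new `AV_CODEC_ID_SNOW` branch sets `w_align = 16; h_align = 16;` with no comment, and it applies to every context with that codec id, although the commit message says only the encoder's block-based motion estimation needs the extra alignment. Add a one-line comment above the branch saying the padding keeps the snow encoder's motion estimation reads inside the allocated planes, so the value is not later trimmed as an apparent over-allocation and the out-of-array read reintroduced. If the decoder's memory cost matters, the condition could be narrowed with a check such as `av_codec_is_encoder(s->codec)`, which the message itself names as a possible follow-up; until that is done and fuzzed, the unconditional form is the safer choice.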