virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

avcodec/hevc_ps: Check depth to be within 8 to 16

Browse Source 
Fixes: assertion failure in bitreader
Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-627318668066816

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2023-04-16 23:55:56 +02:00
parent e2e34c7731
commit cb8180aa66
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/hevc_ps.c
View File

@@ -1557,6 +1557,10 @@ static int pps_scc_extension(GetBitContext *gb, AVCodecContext *avctx,
pps->luma_bit_depth_entry = get_ue_golomb_31(gb) + 8; pps->luma_bit_depth_entry = get_ue_golomb_31(gb) + 8;
if (!pps->monochrome_palette_flag) if (!pps->monochrome_palette_flag)
pps->chroma_bit_depth_entry = get_ue_golomb_31(gb) + 8; pps->chroma_bit_depth_entry = get_ue_golomb_31(gb) + 8;
if (pps->chroma_bit_depth_entry > 16 || pps->chroma_bit_depth_entry > 16)
return AVERROR_INVALIDDATA;
num_comps = pps->monochrome_palette_flag ? 1 : 3; num_comps = pps->monochrome_palette_flag ? 1 : 3;
for (int comp = 0; comp < num_comps; comp++) { for (int comp = 0; comp < num_comps; comp++) {
int bit_depth = !comp ? pps->luma_bit_depth_entry : pps->chroma_bit_depth_entry; int bit_depth = !comp ? pps->luma_bit_depth_entry : pps->chroma_bit_depth_entry;