virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-06-14 08:44:40 +02:00
Code Issues Releases Activity
Files
f10d87bf820d9df2686cb79dd4f600dab09dfb17
FFmpeg/libavcodec/hevc
T
History
Zhao Zhili 2dc975eb89 avcodec/hevc: limit missing-ref fill to coded planes 
generate_missing_ref walked frame->f->data[] until a NULL slot, which
on alpha-video frames extended to data[3] and read
sps->hshift[3]/vshift[3] out of bounds.

The alpha plane is produced by the alpha layer via
replace_alpha_plane; the base decoder path never reads or writes it.
Bound the fill loop by the SPS coded plane count. This both removes
the out-of-bounds shift access and avoids an unnecessary full-frame
memset of the alpha plane.

Fixes: out of array read
Fixes: 500770604/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6157374833623040

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
(cherry picked from commit 3b939ced79)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-06-14 04:58:57 +02:00
..
cabac.c
data.c
data.h
dsp_template.c
dsp.c
dsp.h
filter.c
hevc.h
hevcdec.c
hevcdec.h
Makefile
mvs.c
parse.c
parse.h
parser.c
pred_template.c
pred.c
pred.h
ps_enc.c
ps.c
avcodec/hevc/ps: validate rep_format dimensions in multi-layer SPS
2026-05-03 19:57:05 +02:00
ps.h
refs.c
avcodec/hevc: limit missing-ref fill to coded planes
2026-06-14 04:58:57 +02:00
sei.c
sei.h