[FFmpeg-devel] [PATCH 1/6] avcodec/magicyuvenc: better slice height
Michael Niedermayer
michael at niedermayer.cc
Tue Aug 20 10:50:52 EEST 2024
Fixes: Use of uninitialized value
Fixes: 71072/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-4835252046987264
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavcodec/magicyuvenc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavcodec/magicyuvenc.c b/libavcodec/magicyuvenc.c
index 93eabb9f9a5..6e640d24cc1 100644
--- a/libavcodec/magicyuvenc.c
+++ b/libavcodec/magicyuvenc.c
@@ -378,11 +378,14 @@ static int count_plane_slice(AVCodecContext *avctx, int n, int plane)
Slice *sl = &s->slices[n * s->planes + plane];
const uint8_t *dst = sl->slice;
PTable *counts = sl->counts;
+ const int slice_height = s->slice_height;
+ const int last_height = FFMIN(slice_height, avctx->height - n * slice_height);
+ const int height = (n < (s->nb_slices - 1)) ? slice_height : last_height;
memset(counts, 0, sizeof(sl->counts));
count_usage(dst, AV_CEIL_RSHIFT(avctx->width, s->hshift[plane]),
- AV_CEIL_RSHIFT(s->slice_height, s->vshift[plane]), counts);
+ AV_CEIL_RSHIFT(height, s->vshift[plane]), counts);
return 0;
}
--
2.46.0
More information about the ffmpeg-devel
mailing list