[FFmpeg-devel] [PATCH 5/9] avcodec/cbs_h266_syntax_template: Check bit depth with range extension

Michael Niedermayer michael at niedermayer.cc
Fri Sep 20 03:46:01 EEST 2024


On Fri, Sep 20, 2024 at 02:34:25AM +0200, Michael Niedermayer wrote:
> On Thu, Sep 19, 2024 at 08:53:07PM -0300, James Almer wrote:
> > On 9/19/2024 7:56 PM, Michael Niedermayer wrote:
> > > Fixes: shift exponent 62 is too large for 32-bit type 'int'
> > > Fixes: 71020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-6444916325023744
> > > 
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > ---
> > >   libavcodec/cbs_h266_syntax_template.c | 3 +++
> > >   1 file changed, 3 insertions(+)
> > > 
> > > diff --git a/libavcodec/cbs_h266_syntax_template.c b/libavcodec/cbs_h266_syntax_template.c
> > > index a8f5af04d02..1c111126563 100644
> > > --- a/libavcodec/cbs_h266_syntax_template.c
> > > +++ b/libavcodec/cbs_h266_syntax_template.c
> > > @@ -1041,6 +1041,9 @@ static int FUNC(sps_range_extension)(CodedBitstreamContext *ctx, RWContext *rw,
> > >   {
> > >       int err;
> > > +    if (current->sps_bitdepth_minus8 < 10)
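Review bot: the condition `current->sps_bitdepth_minus8 < 10` compares the minus8-coded field against 10, which is a BitDepth value, so with the 0 to 8 field range noted in the reply it is true for every stream that carries the range extension. The constraint quoted later in the thread reads "less than or equal to 10", so the corrected `< 10 - 8` would still accept BitDepth 10 (field value 2) with the extension present; `<= 10 - 8` matches the quoted wording. A short comment citing that constraint next to the check would also tell the reader why the extension is rejected here.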
> > 
> > sps_bitdepth_minus8 can only be between 0 and 8, so this is basically making
> > it abort on any and every sample with SPS range extension.
> 
> + if (current->sps_bitdepth_minus8 < 10 - 8)
> 
> It's supposed to check this:
> "When BitDepth is less
>  than or equal to 10, the value of sps_range_extension_flag shall be equal to 0."

also on this subject, using variables like var_minusconstant leads to mistakes
it would be better to do

var = read() + constant

write(var - constant)

it results in cleaner code IMHO

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If one takes all money from those who grow wealth and gives it to those who
do not grow wealth, 10 years later, almost the same people who were wealthy
will be wealthy again, the same people who were poor will be poor again.
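
The `var = read() + constant` / `write(var - constant)` suggestion above, as an added C sketch that is not part of the original message and is not FFmpeg code. The bit reader/writer, `ToySPS` and its 4-bit plus 1-bit layout are hypothetical; the BitDepth constraint is the one quoted in the thread, and the 8..16 range follows from the 0..8 field range stated there.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical minimal MSB-first bit reader/writer; not FFmpeg's CBS API. */
typedef struct { uint8_t *buf; size_t size_bits, pos; } BitIO;
int get_bits(BitIO *b, int n, uint32_t *out)
{
    uint32_t v = 0;
    if (n < 0 || n > 32 || b->pos + (size_t)n > b->size_bits)
        return -1;
    for (int i = 0; i < n; i++, b->pos++)
        v = (v << 1) | ((b->buf[b->pos >> 3] >> (7 - (b->pos & 7))) & 1u);
    *out = v;
    return 0;
}

/* Only sets bits, so the output buffer must start zero-initialised. */
int put_bits(BitIO *b, int n, uint32_t v)
{
    if (n < 0 || n > 32 || b->pos + (size_t)n > b->size_bits)
        return -1;
    for (int i = n - 1; i >= 0; i--, b->pos++)
        if ((v >> i) & 1u) b->buf[b->pos >> 3] |= (uint8_t)(0x80u >> (b->pos & 7));
    return 0;
}

/* The struct holds the spec variable BitDepth itself, never the minus8 code. */
typedef struct { int bit_depth; int range_extension_flag; } ToySPS;
/* Constraint quoted in the thread, written once and in BitDepth terms. */
int toy_sps_valid(const ToySPS *s)
{
    return s->bit_depth >= 8 && s->bit_depth <= 16 && !(s->bit_depth <= 10 && s->range_extension_flag);
}

/* Constructed layout: 4-bit bitdepth_minus8, then 1-bit range_extension_flag. */
int toy_sps_read(BitIO *b, ToySPS *s)
{
    uint32_t v, flag;
    if (get_bits(b, 4, &v) < 0 || get_bits(b, 1, &flag) < 0)
        return -1;
    s->bit_depth = (int)v + 8;                 /* var = read() + constant */
    s->range_extension_flag = (int)flag;
    return toy_sps_valid(s) ? 0 : -1;
}

int toy_sps_write(BitIO *b, const ToySPS *s)
{
    if (!toy_sps_valid(s) || put_bits(b, 4, (uint32_t)(s->bit_depth - 8)) < 0)
        return -1;                             /* write(var - constant) */
    return put_bits(b, 1, (uint32_t)s->range_extension_flag);
}
```

The offset appears only at the two I/O points, so the validity check reads like the specification sentence and cannot be compared against the wrong scale.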