MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 08 Nov 2025 18:44:13 -0000
Message-ID: <176262745433.25.7932891806333830296@2cb04c0e5124>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] [PATCH] lavc/hevc: Fix usage of slice segment in invalid state (PR #20869)
List-Id: FFmpeg development discussions and patches
From: frankplow via ffmpeg-devel
Cc: frankplow
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

PR #20869 opened by frankplow
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20869
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20869.patch

Previously, we set s->slice_initialized to 0 to prevent other slice segments from depending on this slice segment only if hls_slice_header failed. If decode_slice fails for some other reason, however, before decode_slice_data is called to bring the context back into a consistent state, then slices could depend on this slice segment while it is in an invalid state. This can cause segmentation faults and other sorts of nastiness.

Patch fixes this by always setting s->slice_initialized to 0 while the state is inconsistent.

Resolves #11652.

From 59586a530a29b7f30c566fc8904c83e1053167bc Mon Sep 17 00:00:00 2001
From: Frank Plowman Date: Sat, 8 Nov 2025 18:35:51 +0000 Subject: [PATCH] lavc/hevc: Fix usage of slice segment in invalid state Previously, we set s->slice_initialized to 0 to prevent other slice segments from depending on this slice segment only if hls_slice_header failed. If decode_slice fails for some other reason, however, before decode_slice_data is called to bring the context back into a consistent state, then slices could depend on this slice segment while it is in an invalid state. This can cause segmentation faults and other sorts of nastiness. Patch fixes this by always setting s->slice_initialized to 0 while the state is inconsistent. Resolves #11652. --- libavcodec/hevc/hevcdec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc/hevcdec.c b/libavcodec/hevc/hevcdec.c index 8d432a9a1f..74b4a4c046 100644 --- a/libavcodec/hevc/hevcdec.c +++ b/libavcodec/hevc/hevcdec.c @@ -3544,10 +3544,12 @@ static int decode_slice(HEVCContext *s, unsigned nal_idx, GetBitContext *gb) ret = hls_slice_header(&s->sh, s, gb); if (ret < 0) { - // hls_slice_header() does not cleanup on failure thus the state now is inconsistent so we cannot use it on dependent slices - s->slice_initialized = 0; return ret; } + // Once hls_slice_header has been called, the context is inconsistent with the slice header + // until the context is reinitialized according to the contents of the new slice header + // at the start of decode_slice_data. + s->slice_initialized = 0; if ((s->avctx->skip_frame >= AVDISCARD_BIDIR && s->sh.slice_type == HEVC_SLICE_B) || (s->avctx->skip_frame >= AVDISCARD_NONINTRA && s->sh.slice_type != HEVC_SLICE_I) || -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
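
Review bot: In the decode_slice hunk, the new `s->slice_initialized = 0;` is placed after the `if (ret < 0) { return ret; }` block, so when hls_slice_header() fails the function now returns before the flag is cleared. That failure return is exactly the case the two removed lines handled, and the removed comment says hls_slice_header() does not clean up on failure. Unless hls_slice_header() resets the flag itself, which these lines do not show, this contradicts the commit message's "always setting s->slice_initialized to 0 while the state is inconsistent" and leaves dependent slice segments able to build on a half-parsed header. Suggest moving the assignment and its comment to directly after `ret = hls_slice_header(&s->sh, s, gb);`, ahead of the error check, so the failure return and every later early return in decode_slice are covered by one statement. A regression sample for #11652 that also exercises the hls_slice_header() failure path would confirm both cases. Minor style point: with only `return ret;` left in the block, the braces around it can be dropped.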