* [FFmpeg-devel] [PR] unchecked-errors (PR #21571)
@ 2026-01-24 13:44 frankplow via ffmpeg-devel
0 siblings, 0 replies; only message in thread
From: frankplow via ffmpeg-devel @ 2026-01-24 13:44 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: frankplow
PR #21571 opened by frankplow
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21571
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21571.patch
"lavc/vvc: Fix unchecked error codes from set_qp_y" should be backported to 8.0 only.
"lavc/vvc: Fix unchecked error codes from add_reconstructed_area" should be backported to 8.0 and 7.1.
>From 3384026e1340a7da707ec5d049f2c6004d452bc2 Mon Sep 17 00:00:00 2001
From: Frank Plowman <post@frankplowman.com>
Date: Sat, 24 Jan 2026 13:21:00 +0000
Subject: [PATCH 1/2] lavc/vvc: Fix unchecked error codes from set_qp_y
Fixes: clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-4957602162475008
---
libavcodec/vvc/ctu.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/libavcodec/vvc/ctu.c b/libavcodec/vvc/ctu.c
index 18cbe0fe0f..e50ac592bd 100644
--- a/libavcodec/vvc/ctu.c
+++ b/libavcodec/vvc/ctu.c
@@ -1157,8 +1157,11 @@ static int skipped_transform_tree_unit(VVCLocalContext *lc)
const CodingUnit *cu = lc->cu;
int ret;
- if (cu->tree_type != DUAL_TREE_CHROMA)
- set_qp_y(lc, cu->x0, cu->y0, 0);
+ if (cu->tree_type != DUAL_TREE_CHROMA) {
+ ret = set_qp_y(lc, cu->x0, cu->y0, 0);
+ if (ret < 0)
+ return ret;
+ }
if (rsps->sps_chroma_format_idc && cu->tree_type != DUAL_TREE_LUMA)
set_qp_c(lc);
ret = skipped_transform_tree(lc, cu->x0, cu->y0, cu->cb_width, cu->cb_height);
@@ -1937,17 +1940,20 @@ static void palette_update_predictor(VVCLocalContext *lc, const bool local_dual_
}
}
-static void palette_qp(VVCLocalContext *lc, VVCTreeType tree_type, const bool escape_present)
+static int palette_qp(VVCLocalContext *lc, VVCTreeType tree_type, const bool escape_present)
{
const VVCFrameContext *fc = lc->fc;
const VVCPPS *pps = fc->ps.pps;
const H266RawSliceHeader *rsh = lc->sc->sh.r;
const CodingUnit *cu = lc->cu;
+ int ret;
if (tree_type != DUAL_TREE_CHROMA) {
const bool has_qp_delta = escape_present &&
pps->r->pps_cu_qp_delta_enabled_flag && !lc->parse.is_cu_qp_delta_coded;
- set_qp_y(lc, cu->x0, cu->y0, has_qp_delta);
+ ret = set_qp_y(lc, cu->x0, cu->y0, has_qp_delta);
+ if (ret < 0)
+ return ret;
}
if (tree_type != DUAL_TREE_LUMA) {
@@ -1955,6 +1961,8 @@ static void palette_qp(VVCLocalContext *lc, VVCTreeType tree_type, const bool es
chroma_qp_offset_decode(lc, 0, 1);
set_qp_c(lc);
}
+
+ return 0;
}
#define PALETTE_SET_PIXEL(xc, yc, pix) \
@@ -2123,7 +2131,9 @@ static int hls_palette_coding(VVCLocalContext *lc, const VVCTreeType tree_type)
transpose = ff_vvc_palette_transpose_flag(lc);
}
- palette_qp(lc, tree_type, escape_present);
+ ret = palette_qp(lc, tree_type, escape_present);
+ if (ret < 0)
+ return ret;
index[0] = 0;
for (int i = 0; i <= (tu->tbs[0].tb_width * tu->tbs[0].tb_height - 1) >> 4; i++) {
--
2.52.0
>From b27e7f88740492fb116d51e60e261e47acace578 Mon Sep 17 00:00:00 2001
From: Frank Plowman <post@frankplowman.com>
Date: Sat, 24 Jan 2026 13:41:31 +0000
Subject: [PATCH 2/2] lavc/vvc: Fix unchecked error codes from
add_reconstructed_area
---
libavcodec/vvc/intra.c | 36 +++++++++++++++++++++++++-----------
1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/libavcodec/vvc/intra.c b/libavcodec/vvc/intra.c
index 52a138ef1c..eccd8ee4c5 100644
--- a/libavcodec/vvc/intra.c
+++ b/libavcodec/vvc/intra.c
@@ -225,21 +225,23 @@ static int get_chroma_predict_unit(const CodingUnit *cu, const TransformUnit *tu
}
//8.4.5.1 General decoding process for intra blocks
-static void predict_intra(VVCLocalContext *lc, const TransformUnit *tu, const int idx, const int target_ch_type)
+static int predict_intra(VVCLocalContext *lc, const TransformUnit *tu, const int idx, const int target_ch_type)
{
const VVCFrameContext *fc = lc->fc;
const CodingUnit *cu = lc->cu;
const VVCTreeType tree_type = cu->tree_type;
- int x0, y0, w, h;
+ int x0, y0, w, h, ret;
if (cu->pred_mode != MODE_INTRA) {
- add_reconstructed_area(lc, target_ch_type, tu->x0, tu->y0, tu->width, tu->height);
- return;
+ ret = add_reconstructed_area(lc, target_ch_type, tu->x0, tu->y0, tu->width, tu->height);
+ return ret;
}
if (!target_ch_type && tree_type != DUAL_TREE_CHROMA) {
if (get_luma_predict_unit(cu, tu, idx, &x0, &y0, &w, &h)) {
ff_vvc_set_neighbour_available(lc, x0, y0, w, h);
fc->vvcdsp.intra.intra_pred(lc, x0, y0, w, h, 0);
- add_reconstructed_area(lc, 0, x0, y0, w, h);
+ ret = add_reconstructed_area(lc, 0, x0, y0, w, h);
+ if (ret < 0)
+ return ret;
}
}
if (target_ch_type && tree_type != DUAL_TREE_LUMA) {
@@ -251,9 +253,12 @@ static void predict_intra(VVCLocalContext *lc, const TransformUnit *tu, const in
fc->vvcdsp.intra.intra_pred(lc, x0, y0, w, h, 1);
fc->vvcdsp.intra.intra_pred(lc, x0, y0, w, h, 2);
}
- add_reconstructed_area(lc, 1, x0, y0, w, h);
+ ret = add_reconstructed_area(lc, 1, x0, y0, w, h);
+ if (ret < 0)
+ return ret;
}
}
+ return 0;
}
static void scale_clip(int *coeff, const int nzw, const int w, const int h,
@@ -586,11 +591,14 @@ static int reconstruct(VVCLocalContext *lc)
CodingUnit *cu = lc->cu;
const int start = cu->tree_type == DUAL_TREE_CHROMA;
const int end = fc->ps.sps->r->sps_chroma_format_idc && (cu->tree_type != DUAL_TREE_LUMA);
+ int ret;
for (int ch_type = start; ch_type <= end; ch_type++) {
TransformUnit *tu = cu->tus.head;
for (int i = 0; tu; i++) {
- predict_intra(lc, tu, i, ch_type);
+ ret = predict_intra(lc, tu, i, ch_type);
+ if (ret < 0)
+ return ret;
itransform(lc, tu, ch_type);
tu = tu->next;
}
@@ -726,10 +734,16 @@ int ff_vvc_reconstruct(VVCLocalContext *lc, const int rs, const int rx, const in
if (cu->coded_flag) {
ret = reconstruct(lc);
} else {
- if (cu->tree_type != DUAL_TREE_CHROMA)
- add_reconstructed_area(lc, LUMA, cu->x0, cu->y0, cu->cb_width, cu->cb_height);
- if (sps->r->sps_chroma_format_idc && cu->tree_type != DUAL_TREE_LUMA)
- add_reconstructed_area(lc, CHROMA, cu->x0, cu->y0, cu->cb_width, cu->cb_height);
+ if (cu->tree_type != DUAL_TREE_CHROMA) {
+ ret = add_reconstructed_area(lc, LUMA, cu->x0, cu->y0, cu->cb_width, cu->cb_height);
+ if (ret < 0)
+ return ret;
+ }
+ if (sps->r->sps_chroma_format_idc && cu->tree_type != DUAL_TREE_LUMA) {
+ ret = add_reconstructed_area(lc, CHROMA, cu->x0, cu->y0, cu->cb_width, cu->cb_height);
+ if (ret < 0)
+ return ret;
+ }
}
if (sps->r->sps_ibc_enabled_flag)
ibc_fill_vir_buf(lc, cu);
--
2.52.0
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-01-24 13:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-24 13:44 [FFmpeg-devel] [PR] unchecked-errors (PR #21571) frankplow via ffmpeg-devel
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git