From: Andreas Rheinhardt
Date: Sat, 27 Apr 2024 12:14:18 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 4/5] avcodec/hevcdec: Check ref frame
In-Reply-To: <20240426235211.3718252-4-michael@niedermayer.cc>

Michael Niedermayer:
> Fixes: NULL pointer dereferences
> Fixes: 68197/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6382538823106560
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> ---
> libavcodec/hevcdec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c > index fcfb275f63a..92b0e45eee0 100644 > --- a/libavcodec/hevcdec.c > +++ b/libavcodec/hevcdec.c
> @@ -1969,13 +1969,13 @@ static void hls_prediction_unit(HEVCLocalContext *lc, int x0, int y0, > > if (current_mv.pred_flag & PF_L0) { > ref0 = refPicList[0].ref[current_mv.ref_idx[0]]; > - if (!ref0 || !ref0->frame->data[0]) > + if (!ref0 || !ref0->frame || !ref0->frame->data[0]) > return; > hevc_await_progress(s, ref0, ¤t_mv.mv[0], y0, nPbH); > } > if (current_mv.pred_flag & PF_L1) { > ref1 = refPicList[1].ref[current_mv.ref_idx[1]]; > - if (!ref1 || !ref1->frame->data[0]) > + if (!ref1 || !ref1->frame || !ref1->frame->data[0]) > return; > hevc_await_progress(s, ref1, ¤t_mv.mv[1], y0, nPbH); > }

Same as with 1/5: Checking for !ref0->frame is enough as HEVCFrame.f is set if and only if the HEVCFrame.f->data[0] is set (with the possible exception of hw-accelerated pixel formats that don't use AVFrame.data at all (I don't know whether they exist); in any case, HEVCFrame.f is set if and only if HEVCFrame.f->buf[0] is set).

Actually, I checked all the decoders that I ported to ProgressFrames for this pattern, but apparently I overlooked way too much (maybe I only checked for the ->buf[0] pattern?). Sorry for that.

- Andreas
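
Review bot: In both the PF_L0 and PF_L1 branches the new !ref0->frame / !ref1->frame test ends in a bare return from a void function, so the caller of hls_prediction_unit() cannot tell that a prediction unit was skipped because a reference entry had no frame. Consider logging the condition or marking the error where it is detected, and add a short comment (or a line in the commit message, which only says "NULL pointer dereferences") stating how a refPicList entry can be non-NULL while its frame pointer is NULL. The same three-part test now appears twice; a small helper shared by both lists would keep the two copies from drifting apart, and if a set frame pointer already implies data[0] is set, the third test can be dropped from both.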