From: Nuo Mi <nuomi2021@gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: James Almer <jamrial@gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/cbs_h266_syntax_template: check aps_adaptation_parameter_set_id
Date: Sat, 3 Feb 2024 23:59:07 +0800
Message-ID: <CAFXK13d4NfrDf8YsMOoOkXmHw9geMn5xz07sa4b6CkH-hFR86Q@mail.gmail.com> (raw)
In-Reply-To: <20240127031332.17970-1-michael@niedermayer.cc>
On Sat, Jan 27, 2024 at 11:13 AM Michael Niedermayer <michael@niedermayer.cc>
wrote:
> From: James Almer <jamrial@gmail.com>
>
> "When aps_params_type is equal to ALF_APS or SCALING_APS, the value of
> aps_adaptation_parameter_set_id shall be
> in the range of 0 to 7, inclusive.
> When aps_params_type is equal to LMCS_APS, the value of
> aps_adaptation_parameter_set_id shall be in the range of 0
> to 3, inclusive."
>
> Fixes: out of array accesses
> Fixes:
> 65932/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-4563412340244480
>
> Found-by: continuous fuzzing process
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by
> <https://github.com/google/oss-fuzz/tree/master/projects/ffmpegSigned-off-by>:
> Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/cbs_h266_syntax_template.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/cbs_h266_syntax_template.c
> b/libavcodec/cbs_h266_syntax_template.c
> index 9e479c9c314..21da8195556 100644
> --- a/libavcodec/cbs_h266_syntax_template.c
> +++ b/libavcodec/cbs_h266_syntax_template.c
> @@ -2457,6 +2457,7 @@ static int
> FUNC(scaling_list_data)(CodedBitstreamContext *ctx, RWContext *rw,
> static int FUNC(aps)(CodedBitstreamContext *ctx, RWContext *rw,
> H266RawAPS *current, int prefix)
> {
> + int aps_id_max = MAX_UINT_BITS(5);
> int err;
>
> if (prefix)
> @@ -2469,7 +2470,12 @@ static int FUNC(aps)(CodedBitstreamContext *ctx,
> RWContext *rw,
> : VVC_SUFFIX_APS_NUT));
>
> ub(3, aps_params_type);
> - ub(5, aps_adaptation_parameter_set_id);
> + if (current->aps_params_type == VVC_ASP_TYPE_ALF ||
> + current->aps_params_type == VVC_ASP_TYPE_SCALING)
> + aps_id_max = 7;
> + else if (current->aps_params_type == VVC_ASP_TYPE_LMCS)
> + aps_id_max = 3;
> + u(5, aps_adaptation_parameter_set_id, 0, aps_id_max);
> flag(aps_chroma_present_flag);
> if (current->aps_params_type == VVC_ASP_TYPE_ALF)
> CHECK(FUNC(alf_data)(ctx, rw, current));
> --
applied,
thanks, James and Michael
>
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
prev parent reply other threads:[~2024-02-03 15:59 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-27 3:13 Michael Niedermayer
2024-02-03 15:59 ` Nuo Mi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFXK13d4NfrDf8YsMOoOkXmHw9geMn5xz07sa4b6CkH-hFR86Q@mail.gmail.com \
--to=nuomi2021@gmail.com \
--cc=ffmpeg-devel@ffmpeg.org \
--cc=jamrial@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git