Date: Mon, 1 Apr 2024 14:23:57 +0200
To: ffmpeg-devel@ffmpeg.org
References: <20240401020006.12107-1-michael@niedermayer.cc> <20240401020006.12107-3-michael@niedermayer.cc>
From: Andreas Rheinhardt
In-Reply-To: <20240401020006.12107-3-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 3/3] avcodec/hevcdec: Fix null dereference in hevc_frame_end()

Michael Niedermayer:
> Fixes: member access within null pointer of type 'const AVFilmGrainParams' (aka 'const struct AVFilmGrainParams')
> Fixes: 67701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6595117570916352
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> ---
> libavcodec/hevcdec.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c > index 752459af2d3..2514d522ba5 100644 > --- a/libavcodec/hevcdec.c > +++ b/libavcodec/hevcdec.c
> @@ -2945,6 +2945,8 @@ static int hevc_frame_end(HEVCContext *s) > if (out->needs_fg) { > av_assert0(out->frame_grain->buf[0]); > fgp = av_film_grain_params_select(out->frame); > + if (!fgp) > + return 0; > switch (fgp->type) { > case AV_FILM_GRAIN_PARAMS_NONE: > av_assert0(0);

There seems to be a deeper logic bug here: If there is no usable (as defined by av_film_grain_params_select()) film grain stuff here, then the frame_grain frame will be "blank" (may contain e.g. an earlier frame, but definitely not the one it is supposed to have), but it will nevertheless be the frame to be output.

- Andreas
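
Review bot: the added `if (!fgp) return 0;` inside the `if (out->needs_fg)` branch reports success while `needs_fg` is still set and no grain has been written into `out->frame_grain`, even though the preceding `av_assert0(out->frame_grain->buf[0])` shows that buffer is allocated and expected to be used. The existing `case AV_FILM_GRAIN_PARAMS_NONE: av_assert0(0);` indicates this path was written on the assumption that usable parameters always exist once `needs_fg` is set, so a NULL result from `av_film_grain_params_select()` points to a mismatch between that selection and whatever sets `needs_fg`. Suggest either making the `needs_fg` decision agree with the selection, or handling NULL here by clearing `needs_fg` or returning an error so `frame_grain` is not treated as valid output, and adding a short comment explaining when NULL can occur.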