github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-20 21:00:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

libavcodec/cbs_apv_syntax_template: limit tile to 2gb

Browse Source 
We do not support larger tiles as we use signed int
Alternatively we can check this in apv_decode_tile_component() or init_get_bits*()
or support bitstreams above 2gb length

Fixes: init_get_bits() failure later
Fixes: 421817631/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APV_fuzzer-4957386534354944

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2025-07-03 22:12:43 +02:00
parent d19b7c283c
commit 4666c1eed3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/cbs_apv_syntax_template.c
View File

@@ -263,7 +263,7 @@ static int FUNC(frame)(CodedBitstreamContext *ctx, RWContext *rw,
CHECK(FUNC(frame_header)(ctx, rw, &current->frame_header)); CHECK(FUNC(frame_header)(ctx, rw, &current->frame_header));
for (int t = 0; t < priv->num_tiles; t++) { for (int t = 0; t < priv->num_tiles; t++) {
us(32, tile_size[t], 10, MAX_UINT_BITS(32), 1, t); us(32, tile_size[t], 10, MAX_INT_BITS(32), 1, t);
CHECK(FUNC(tile)(ctx, rw, &current->tile[t], CHECK(FUNC(tile)(ctx, rw, &current->tile[t],
t, current->tile_size[t])); t, current->tile_size[t]));