mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/hevc_cabac: Check for ff_init_cabac_decoder() failure in cabac_reinit()
Fixes: runtime error: left shift of negative value -967831544 Fixes: 2815/clusterfuzz-testcase-minimized-6062914471460864 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
d1bfa80ec4
commit
4ff94558f2
|
@ -462,9 +462,9 @@ static void load_states(HEVCContext *s)
|
||||||
memcpy(s->HEVClc->cabac_state, s->cabac_state, HEVC_CONTEXTS);
|
memcpy(s->HEVClc->cabac_state, s->cabac_state, HEVC_CONTEXTS);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void cabac_reinit(HEVCLocalContext *lc)
|
static int cabac_reinit(HEVCLocalContext *lc)
|
||||||
{
|
{
|
||||||
skip_bytes(&lc->cc, 0);
|
return skip_bytes(&lc->cc, 0) == NULL ? AVERROR_INVALIDDATA : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int cabac_init_decoder(HEVCContext *s)
|
static int cabac_init_decoder(HEVCContext *s)
|
||||||
|
@ -524,25 +524,27 @@ int ff_hevc_cabac_init(HEVCContext *s, int ctb_addr_ts)
|
||||||
} else {
|
} else {
|
||||||
if (s->ps.pps->tiles_enabled_flag &&
|
if (s->ps.pps->tiles_enabled_flag &&
|
||||||
s->ps.pps->tile_id[ctb_addr_ts] != s->ps.pps->tile_id[ctb_addr_ts - 1]) {
|
s->ps.pps->tile_id[ctb_addr_ts] != s->ps.pps->tile_id[ctb_addr_ts - 1]) {
|
||||||
|
int ret;
|
||||||
if (s->threads_number == 1)
|
if (s->threads_number == 1)
|
||||||
cabac_reinit(s->HEVClc);
|
ret = cabac_reinit(s->HEVClc);
|
||||||
else {
|
else {
|
||||||
int ret = cabac_init_decoder(s);
|
ret = cabac_init_decoder(s);
|
||||||
if (ret < 0)
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
cabac_init_state(s);
|
cabac_init_state(s);
|
||||||
}
|
}
|
||||||
if (s->ps.pps->entropy_coding_sync_enabled_flag) {
|
if (s->ps.pps->entropy_coding_sync_enabled_flag) {
|
||||||
if (ctb_addr_ts % s->ps.sps->ctb_width == 0) {
|
if (ctb_addr_ts % s->ps.sps->ctb_width == 0) {
|
||||||
|
int ret;
|
||||||
get_cabac_terminate(&s->HEVClc->cc);
|
get_cabac_terminate(&s->HEVClc->cc);
|
||||||
if (s->threads_number == 1)
|
if (s->threads_number == 1)
|
||||||
cabac_reinit(s->HEVClc);
|
ret = cabac_reinit(s->HEVClc);
|
||||||
else {
|
else {
|
||||||
int ret = cabac_init_decoder(s);
|
ret = cabac_init_decoder(s);
|
||||||
if (ret < 0)
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
if (ret < 0)
|
||||||
|
return ret;
|
||||||
|
|
||||||
if (s->ps.sps->ctb_width == 1)
|
if (s->ps.sps->ctb_width == 1)
|
||||||
cabac_init_state(s);
|
cabac_init_state(s);
|
||||||
|
|
Loading…
Reference in New Issue