RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/hevc_cabac: Limit value in coeff_abs_level_remaining_decode() tighter 

The max depth is 16bps, the max allowed coefficient depth is depth+6
Fixes: signed integer overflow: 1074266112 + 1073725439 cannot be represented in type 'int'
Fixes: 26493/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5657763331702784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-10-23 00:24:01 +02:00
parent 9dc3301745
commit 7cf852b03c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/hevc_cabac.c
View File

@ -998,7 +998,7 @@ static av_always_inline int coeff_abs_level_remaining_decode(HEVCContext *s, int
} else {
int prefix_minus3 = prefix - 3;
if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param >= 31) {
if (prefix == CABAC_MAX_BIN || prefix_minus3 + rc_rice_param > 16 + 6) {
av_log(s->avctx, AV_LOG_ERROR, "CABAC_MAX_BIN : %d\n", prefix);
return 0;
}