opensource/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2026-03-13 09:00:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/snowenc: avoid NULL ptr arithmetic

Browse Source 
Fixes: applying non-zero offset 16 to null pointer
Fixes: 471614378/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5967030642868224

Note: FF_PTR_ADD() does not work as this code has NULL + 123 cases where the pointer is unsused afterwards

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-02-14 01:23:34 +01:00
parent 1fc7464cf7
commit cbbe68fb1a
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/snowenc.c
View File

@@ -73,6 +73,8 @@ typedef struct SnowEncContext {
IDWTELEM obmc_scratchpad[MB_SIZE * MB_SIZE * 12 * 2];
} SnowEncContext;
#define PTR_ADD(ptr, off) ((ptr) ? (ptr) + (off) : NULL)
static void init_ref(MotionEstContext *c, const uint8_t *const src[3],
uint8_t *const ref[3], uint8_t *const ref2[3],
int x, int y, int ref_index)
@@ -85,7 +87,7 @@ static void init_ref(MotionEstContext *c, const uint8_t *const src[3],
};
for (int i = 0; i < 3; i++) {
c->src[0][i] = src [i];
c->ref[0][i] = ref [i] + offset[i];
c->ref[0][i] = PTR_ADD(ref[i], offset[i]);
}
av_assert2(!ref_index);
}
@@ -404,8 +406,8 @@ static int encode_q_branch(SnowEncContext *enc, int level, int x, int y)
const int stride= s->current_picture->linesize[0];
const int uvstride= s->current_picture->linesize[1];
const uint8_t *const current_data[3] = { s->input_picture->data[0] + (x + y* stride)*block_w,
s->input_picture->data[1] + ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift),
s->input_picture->data[2] + ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift)};
PTR_ADD(s->input_picture->data[1], ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift)),
PTR_ADD(s->input_picture->data[2], ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift))};
int P[10][2];
int16_t last_mv[3][2];
int qpel= !!(s->avctx->flags & AV_CODEC_FLAG_QPEL); //unused