avcodec/cbs_h265_syntax_template:

Fixes: Assertion width > 0 && width <= 32 failed Fixes: 71012/clusterfuzz-testcase-minimized-ffmpeg_BSF_HEVC_METADATA_fuzzer-6073354744823808 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
8 months ago · 043875941f
parent 8657eb9c3f
commit 043875941f
1 changed files with 12 additions and 0 deletions
--- a/libavcodec/cbs_h265_syntax_template.c
+++ b/libavcodec/cbs_h265_syntax_template.c
@ -2307,6 +2307,12 @@ SEI_FUNC(sei_3d_reference_displays_info, (CodedBitstreamContext *ctx, RWContext
        else
            length = FFMAX(0, (int)current->exponent_ref_display_width[i] +
                              (int)current->prec_ref_display_width - 31);
+
+        if (length > 32) {
+            av_log(ctx->log_ctx, AV_LOG_ERROR, "refDispWidthBits > 32 is not supported\n");
+            return AVERROR_PATCHWELCOME;
+        }
+
        if (length)
            ubs(length, mantissa_ref_display_width[i], 1, i);
        else
@ -2318,6 +2324,12 @@ SEI_FUNC(sei_3d_reference_displays_info, (CodedBitstreamContext *ctx, RWContext
            else
                length = FFMAX(0, (int)current->exponent_ref_viewing_distance[i] +
                                  (int)current->prec_ref_viewing_dist - 31);
+
+            if (length > 32) {
+                av_log(ctx->log_ctx, AV_LOG_ERROR, "refViewDistBits > 32 is not supported\n");
+                return AVERROR_PATCHWELCOME;
+            }
+
            if (length)
                ubs(length, mantissa_ref_viewing_distance[i], 1, i);
            else