From 173a978b9d8cd4925a8d01c95ebbee0382543432 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Mon, 18 Nov 2024 03:22:27 +0100
Subject: [PATCH] avcodec/h2645_parse: Ignore NAL with nuh_layer_id == 63

Comply with "For purposes other than determining the amount of data in the decoding units
of the bitstream, decoders shall ignore all data that follow the value 63 for nuh_layer_id in a NAL unit"
Rec. ITU-T H.265 v8 (08/2021)	Page 67

Fixes: index 63 out of bounds for type 'const int8_t[63]' (aka 'const signed char[63]')
Fixes: clusterfuzz-testcase-fuzzer_loadfile-5109286752026624
Reported-by: Kacper Michajlow <kasper93@gmail.com>
Found-by: ossfuzz
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 360e7cafd0e65fdf4b186c95e2517a94b9f3fa4f)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/h2645_parse.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/h2645_parse.c b/libavcodec/h2645_parse.c
index 7b48fcae17..82816999e8 100644
--- a/libavcodec/h2645_parse.c
+++ b/libavcodec/h2645_parse.c
@@ -581,9 +581,11 @@ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length,
 
         if (codec_id == AV_CODEC_ID_VVC)
             ret = vvc_parse_nal_header(nal, logctx);
-        else if (codec_id == AV_CODEC_ID_HEVC)
+        else if (codec_id == AV_CODEC_ID_HEVC) {
             ret = hevc_parse_nal_header(nal, logctx);
-        else
+            if (nal->nuh_layer_id == 63)
+                continue;
+        } else
             ret = h264_parse_nal_header(nal, logctx);
         if (ret < 0) {
             av_log(logctx, AV_LOG_WARNING, "Invalid NAL unit %d, skipping.\n",