ffmpeg/FFmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-09-19 21:06:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

lavc/vvc: Prevent OOB access in subpic_tiles

Browse Source 
The previous logic relied on the subpicture boundaries coinciding with
the tile boundaries.  Per 6.3.1 of H.266 (V3), vertical subpicture
boundaries are always tile boundaries however the same cannot be said
for horizontal subpicture boundaries.  Furthermore, it is possible to
construct an illegal bitstream where vertical subpicture boundaries are
not coincident with tile boundaries.  In these cases, the condition of
the while loop would never be satisfied resulting in an OOB read on
col_bd/row_bd.

Patch fixes this issue by replacing != with <, thereby not requiring
subpicture boundaries and tile boundaries to be coincident.

Signed-off-by: Frank Plowman <post@frankplowman.com>
This commit is contained in:
Frank Plowman 2024-08-23 12:44:08 +01:00 committed by Nuo Mi
parent b2eabe0ff2
commit 01701bdcd5
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/vvc/ps.c
View File

@ -384,10 +384,10 @@ static void subpic_tiles(int *tile_x, int *tile_y, int *tile_x_end, int *tile_y_
*tile_x = *tile_y = 0;
while (pps->col_bd[*tile_x] != rx)
while (pps->col_bd[*tile_x] < rx)
(*tile_x)++;
while (pps->row_bd[*tile_y] != ry)
while (pps->row_bd[*tile_y] < ry)
(*tile_y)++;
*tile_x_end = (*tile_x);