Michael Niedermayer:
> Fixes: member access within null pointer of type 'const AVFilmGrainParams' (aka 'const struct AVFilmGrainParams')
> Fixes: 67701/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-6595117570916352
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> ---
>  libavcodec/hevcdec.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
> index 752459af2d3..2514d522ba5 100644
> --- a/libavcodec/hevcdec.c
> +++ b/libavcodec/hevcdec.c
> @@ -2945,6 +2945,8 @@ static int hevc_frame_end(HEVCContext *s)
>      if (out->needs_fg) {
>          av_assert0(out->frame_grain->buf[0]);
>          fgp = av_film_grain_params_select(out->frame);
> +        if (!fgp)
> +            return 0;
>          switch (fgp->type) {
>          case AV_FILM_GRAIN_PARAMS_NONE:
>              av_assert0(0);
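Review bot: the early `return 0;` after `fgp = av_film_grain_params_select(out->frame);` reports success while skipping the grain synthesis that the `if (out->needs_fg)` branch exists to perform, so `needs_fg` stays set and `frame_grain` (already asserted to have a buffer, but never filled for this frame) is left holding whatever it contained before. That silences the null dereference but turns it into a wrong-output bug. If `needs_fg` is what later selects `frame_grain` for output, prefer clearing it so the ungrained `out->frame` is emitted instead, e.g. `if (!fgp) { out->needs_fg = 0; return 0; }`, or return an error; either way a warning log would help, since film grain was signalled but no usable parameters were found.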

There seems to be a deeper logic bug here: If there is no usable (as
defined by av_film_grain_params_select()) film grain stuff here, then
the frame_grain frame will be "blank" (may contain e.g. an earlier
frame, but definitely not the one it is supposed to have), but it will
nevertheless be the frame to be output.

- Andreas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel