On Mon, Jun 24, 2024 at 02:01:42AM +0200, Andreas Rheinhardt wrote:
> These values are not read anywhere. Furthermore, since commit
> fe6037fd04db8837dcdb9013f9c4ad4e7eb0592e the linesize values
> of the MPVWorkPictures were wrong for subsequent fields
> in a chain of B-pictures (as they are always doubled and no longer
> based upon the frame-linesizes) which can eventually lead to overflow.
>
> Finally, it makes no real sense to ever double the linesize
> of the reference pictures at all: Even when the current picture
> is a field, it can still reference both fields of reference
> pictures and therefore the linesize should allow to address
> both fields (for the same reason, data is not offset for
> reference pictures).
>
> libavcodec/mpeg12dec.c:1304:41: runtime error: signed integer overflow:
> 4611686018427387904 * 2 cannot be represented in type 'long'
>
> issue:
> 69732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEGVIDEO_fuzzer-5123551179374592
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
> ---
> libavcodec/mpeg12dec.c | 2 --
> 1 file changed, 2 deletions(-)

Tested, fixes the issue

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Some people wanted to paint the bikeshed green, some blue and some pink.
People argued and fought, when they finally agreed, only rust was left.
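
The accumulation described in the commit message, as an added example that is not part of this thread or of FFmpeg's code: a simplified C model showing that a linesize doubled once per field reaches the 4611686018427387904 from the sanitizer report, while a value derived from the frame linesize each time does not grow. The function names and the starting linesize of 1024 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Doubles v into *out; returns -1 instead of performing a signed
 * multiplication that would overflow (undefined behaviour in C). */
static int double_checked(int64_t v, int64_t *out)
{
    if (v > INT64_MAX / 2 || v < INT64_MIN / 2)
        return -1;
    *out = v * 2;
    return 0;
}

/* Model of the faulty pattern: every field doubles the value left by the
 * previous field. Returns how many fields pass before the next doubling
 * would overflow (max_fields if none does); *last gets the final value. */
static int fields_accumulating(int64_t frame_linesize, int max_fields, int64_t *last)
{
    *last = frame_linesize;
    for (int i = 0; i < max_fields; i++)
        if (double_checked(*last, last) < 0)
            return i;
    return max_fields;
}

/* Model of the sound pattern: the field value is always derived from the
 * unchanged frame linesize, so it cannot grow across fields. */
static int fields_rederived(int64_t frame_linesize, int max_fields, int64_t *last)
{
    *last = frame_linesize;
    for (int i = 0; i < max_fields; i++)
        if (double_checked(frame_linesize, last) < 0)
            return i;
    return max_fields;
}

int main(void)
{
    int64_t v;
    int n = fields_accumulating(1024, 100, &v); /* 1024: constructed value */
    printf("accumulating: stuck after %d fields at %lld\n", n, (long long)v);
    n = fields_rederived(1024, 100, &v);
    printf("rederived: %d fields, linesize %lld\n", n, (long long)v);
    return 0;
}
```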