magicyuvenc: better slice height

Michael Niedermayer Tue, 20 Aug 2024 00:51:17 -0700

Fixes: Use of uninitialized value
Fixes: 
71072/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MAGICYUV_fuzzer-4835252046987264


Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavcodec/magicyuvenc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavcodec/magicyuvenc.c b/libavcodec/magicyuvenc.c
index 93eabb9f9a5..6e640d24cc1 100644
--- a/libavcodec/magicyuvenc.c
+++ b/libavcodec/magicyuvenc.c
@@ -378,11 +378,14 @@ static int count_plane_slice(AVCodecContext *avctx, int 
n, int plane)
     Slice *sl = &s->slices[n * s->planes + plane];
     const uint8_t *dst = sl->slice;
     PTable *counts = sl->counts;
+    const int slice_height = s->slice_height;
+    const int last_height = FFMIN(slice_height, avctx->height - n * 
slice_height);
+    const int height = (n < (s->nb_slices - 1)) ? slice_height : last_height;
 
     memset(counts, 0, sizeof(sl->counts));
 
     count_usage(dst, AV_CEIL_RSHIFT(avctx->width, s->hshift[plane]),
-                AV_CEIL_RSHIFT(s->slice_height, s->vshift[plane]), counts);
+                AV_CEIL_RSHIFT(height, s->vshift[plane]), counts);
 
     return 0;
 }
-- 
2.46.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 1/6] avcodec/magicyuvenc: better slice height

Reply via email to