On 20/09/2024 01:54, James Almer wrote: > On 9/19/2024 9:34 PM, Michael Niedermayer wrote: >> On Thu, Sep 19, 2024 at 08:53:07PM -0300, James Almer wrote: >>> On 9/19/2024 7:56 PM, Michael Niedermayer wrote: >>>> Fixes: shift exponent 62 is too large for 32-bit type 'int' >>>> Fixes: >>>> 71020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-6444916325023744 >>>> >>>> Found-by: continuous fuzzing process >>>> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >>>> Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> >>>> --- >>>> libavcodec/cbs_h266_syntax_template.c | 3 +++ >>>> 1 file changed, 3 insertions(+) >>>> >>>> diff --git a/libavcodec/cbs_h266_syntax_template.c >>>> b/libavcodec/cbs_h266_syntax_template.c >>>> index a8f5af04d02..1c111126563 100644 >>>> --- a/libavcodec/cbs_h266_syntax_template.c >>>> +++ b/libavcodec/cbs_h266_syntax_template.c >>>> @@ -1041,6 +1041,9 @@ static int >>>> FUNC(sps_range_extension)(CodedBitstreamContext *ctx, RWContext *rw, >>>> { >>>> int err; >>>> + if (current->sps_bitdepth_minus8 < 10) >>> >>> sps_bitdepth_minus8 can only be between 0 and 8, so this is basically >>> making >>> it abort on any and every sample with SPS range extension. >> >> + if (current->sps_bitdepth_minus8 < 10 - 8) > > Ok, this is different. > >> >> Its supposed to check this: >> "When BitDepth is less >> than or equal to 10, the value of sps_range_extension_flag shall be >> equal to 0." > > Should be "<= (10 - 8)" then, and LGTM. >
LGTM, although nit: I think intent would be clearer and the code would correspond better with the standard if the check was moved to the parent function next to the flag itself. -- Frank _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
