PR #21272 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21272 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21272.patch
Fixes: Assertion n>=0 && n<=32 failed at ./libavcodec/get_bits.h:426 Fixes: 468435217/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4644127078940672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 62c9ff699872e8ff85038e617bfa54e103b07c61 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Mon, 22 Dec 2025 23:03:06 +0100 Subject: [PATCH] avcodec/hevc/sei: Use get_bits64() in decode_nal_sei_3d_reference_displays_info() Fixes: Assertion n>=0 && n<=32 failed at ./libavcodec/get_bits.h:426 Fixes: 468435217/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-4644127078940672 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/hevc/sei.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/hevc/sei.c b/libavcodec/hevc/sei.c index 5fd4e763b3..e12803f1d3 100644 --- a/libavcodec/hevc/sei.c +++ b/libavcodec/hevc/sei.c @@ -195,7 +195,7 @@ static int decode_nal_sei_3d_reference_displays_info(HEVCSEITDRDI *s, GetBitCont else length = FFMAX(0, (int)s->exponent_ref_display_width[i] + (int)s->prec_ref_display_width - 31); - s->mantissa_ref_display_width[i] = get_bits_long(gb, length); + s->mantissa_ref_display_width[i] = get_bits64(gb, length); if (s->ref_viewing_distance_flag) { s->exponent_ref_viewing_distance[i] = get_bits(gb, 6); if (s->exponent_ref_viewing_distance[i] > 62) @@ -205,7 +205,7 @@ static int decode_nal_sei_3d_reference_displays_info(HEVCSEITDRDI *s, GetBitCont else length = FFMAX(0, (int)s->exponent_ref_viewing_distance[i] + (int)s->prec_ref_viewing_dist - 31); - s->mantissa_ref_viewing_distance[i] = get_bits_long(gb, length); + s->mantissa_ref_viewing_distance[i] = get_bits64(gb, length); } s->additional_shift_present_flag[i] = get_bits1(gb); if (s->additional_shift_present_flag[i]) { -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
