Stowage/ffmpeg
2
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2026-06-08 00:10:30 +00:00
Code Issues Projects Releases Packages Wiki Activity
ffmpeg/libavcodec/hevc
History
Exact
Michael Niedermayer bafbef02c9
avcodec/hevc/ps: validate rep_format dimensions in multi-layer SPS 
When an SPS uses the multi-layer extension (nuh_layer_id > 0 with
sps_max_sub_layers_minus1 == 7), width and height are taken from the
VPS rep_format without the av_image_check_size() validation that the
direct path performs.  HEVC F.7.4.3.1.1 requires rep_format pic
dimensions to satisfy the constraints in 7.4.3.2.1, including
"pic_width_in_luma_samples shall not be equal to 0".

Run the same av_image_check_size() check in the multi-layer-extension
path so the SPS is rejected before it reaches setup_pps().

Fixes: VS-FF-2026-0003/poc.flv
Fixes: out of array access

Found-by: Vuln Seeker Cyber Security Team
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0f5705959d)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2026-05-04 15:57:32 +02:00
..
cabac.c all: apply linter fixes 2025-12-07 15:54:59 +00:00
data.c
data.h
dsp.c
dsp.h
dsp_template.c avcodec/hevc: ff_hevc_(qpel/epel)_filters are signed type 2024-09-14 16:36:34 +08:00
filter.c lavc/hevcdec: make a HEVCFrame hold a reference to its PPS 2024-09-06 13:59:29 +02:00
hevc.h lavc/hevc_ps: parse VPS extension 2024-09-23 17:11:40 +02:00
hevcdec.c avcodec/hevc/hevcdec: Clean sao_pixel_buffer_v on allocation 2025-09-08 02:13:14 +02:00
hevcdec.h lavc/hevcdec: unbreak WPP/progress2 code 2025-02-13 19:45:30 +08:00
Makefile avcodec/hevc/Makefile: Move rules for lavc/* files to lavc/Makefile 2024-06-09 10:59:33 +02:00
mvs.c lavc/hevcdec: make a HEVCFrame hold a reference to its PPS 2024-09-06 13:59:29 +02:00
parse.c lavc/hevcdec/parse: process NALUs with nuh_layer_id>0 2024-09-23 17:11:40 +02:00
parse.h
parser.c lavc/hevc/parser: only split packets on NALUs with nuh_layer_id=0 2024-09-23 17:11:40 +02:00
pred.c
pred.h lavc/hevc/pred: stop accessing parameter sets through HEVCParamSets 2024-06-11 17:39:34 +02:00
pred_template.c avcodec: use the renamed av_zero_extend 2024-06-13 20:36:09 -03:00
ps.c avcodec/hevc/ps: validate rep_format dimensions in multi-layer SPS 2026-05-04 15:57:32 +02:00
ps.h lavc/hevc/ps: implement SPS parsing for nuh_layer_id>0 2024-09-23 17:11:40 +02:00
ps_enc.c
refs.c avcodec/hevc/refs: Check multiplication in alloc_frame() 2026-05-04 15:57:30 +02:00
sei.c avcodec/hevc/sei: Use get_bits64() in decode_nal_sei_3d_reference_displays_info() 2026-05-04 15:57:06 +02:00
sei.h avcodec/hevc/sei: Use get_bits64() in decode_nal_sei_3d_reference_displays_info() 2026-05-04 15:57:06 +02:00