[FFmpeg-cvslog] avcodec/hevc_ps: allocate only the required HEVCHdrParams within a VPS

James Almer git at videolan.org
Thu Mar 21 15:00:30 EET 2024


ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Wed Mar 20 20:34:37 2024 -0300| [456c8ebe7c7dcd766d36cd0296815d89fd1166b5] | committer: James Almer

avcodec/hevc_ps: allocate only the required HEVCHdrParams within a VPS

Fixes: timeout
Fixes: 64033/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_HEVC_fuzzer-5332101272305664

Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=456c8ebe7c7dcd766d36cd0296815d89fd1166b5
---

 libavcodec/hevc_ps.c | 14 +++++++++++++-
 libavcodec/hevc_ps.h |  2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index fb997066d9..d29cf9f372 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -438,13 +438,20 @@ static int decode_hrd(GetBitContext *gb, int common_inf_present,
     return 0;
 }
 
+static void uninit_vps(FFRefStructOpaque opaque, void *obj)
+{
+    HEVCVPS *vps = obj;
+
+    av_freep(&vps->hdr);
+}
+
 int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx,
                            HEVCParamSets *ps)
 {
     int i,j;
     int vps_id = 0;
     ptrdiff_t nal_size;
-    HEVCVPS *vps = ff_refstruct_allocz(sizeof(*vps));
+    HEVCVPS *vps = ff_refstruct_alloc_ext(sizeof(*vps), 0, NULL, uninit_vps);
 
     if (!vps)
         return AVERROR(ENOMEM);
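Review bot: Nothing at the `ff_refstruct_alloc_ext(sizeof(*vps), 0, NULL, uninit_vps)` call says why `uninit_vps()` is safe for a VPS released before `hdr` is allocated, which is presumably what the `goto err` paths do. It works because flags `0` keeps the object zero-filled, so `av_freep(&vps->hdr)` sees NULL on those paths. I would record that next to the call, e.g. `/* flags 0: object is zeroed, so uninit_vps() sees hdr == NULL until it is allocated */`, so that a later switch to a no-zeroing flag does not make the callback free an uninitialised pointer. The body of `ff_hevc_decode_nal_vps` continues outside the hunk.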
@@ -533,6 +540,11 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx,
                    "vps_num_hrd_parameters %d is invalid\n", vps->vps_num_hrd_parameters);
             goto err;
         }
+
+        vps->hdr = av_calloc(vps->vps_num_hrd_parameters, sizeof(*vps->hdr));
+        if (!vps->hdr)
+            goto err;
+
         for (i = 0; i < vps->vps_num_hrd_parameters; i++) {
             int common_inf_present = 1;
 
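Review bot: An allocation failure at `if (!vps->hdr) goto err;` takes the same exit as the bitstream validation failure just above it, whereas the earlier `if (!vps)` check returns `AVERROR(ENOMEM)`. The `err` label is outside the hunk, so the code it returns is not visible here. If it returns a fixed invalid-data error, callers and fuzzing triage cannot tell out-of-memory from a malformed VPS. Assuming the error path can return a variable, something like `if (!vps->hdr) { ret = AVERROR(ENOMEM); goto err; }` would keep the two cases distinct; `ret` is a placeholder name, not taken from the hunk.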
diff --git a/libavcodec/hevc_ps.h b/libavcodec/hevc_ps.h
index 786c896709..87cea479e9 100644
--- a/libavcodec/hevc_ps.h
+++ b/libavcodec/hevc_ps.h
@@ -152,7 +152,7 @@ typedef struct PTL {
 
 typedef struct HEVCVPS {
     unsigned int vps_id;
-    HEVCHdrParams hdr[HEVC_MAX_LAYER_SETS];
+    HEVCHdrParams *hdr;
 
     uint8_t vps_temporal_id_nesting_flag;
     int vps_max_layers;
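Review bot: `hdr` is now an owned heap pointer sized by `vps_num_hrd_parameters` rather than a fixed `HEVC_MAX_LAYER_SETS` array, and the field carries no comment saying so. I would document it, e.g. `HEVCHdrParams *hdr; ///< vps_num_hrd_parameters entries, NULL until allocated, freed with the VPS`. Code outside this diff that copies or compares an `HEVCVPS` bytewise over `sizeof(HEVCVPS)` would now act on the pointer value. Code that indexes `hdr` by a value not checked against `vps_num_hrd_parameters` would now read past the allocation. Neither is visible here, so both are worth a grep before merging. The struct definition continues outside the hunk.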


