[FFmpeg-devel] [PATCH] avcodec/nvdec_hevc: Fix off-by-one error

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Sat Aug 6 09:01:37 EEST 2022


Fixes Coverity issues #1442912, #1442913, #1442916 and #1442917.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
---
Given that hevc_ps.c checks these values, it is actually impossible
for this error to be triggered.

 libavcodec/nvdec_hevc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/nvdec_hevc.c b/libavcodec/nvdec_hevc.c
index 590278ba04..cd549d2ef6 100644
--- a/libavcodec/nvdec_hevc.c
+++ b/libavcodec/nvdec_hevc.c
@@ -204,8 +204,8 @@ static int nvdec_hevc_start_frame(AVCodecContext *avctx,
         ppc->row_height_minus1[i] = pps->row_height[i] - 1;
 
 #if NVDECAPI_CHECK_VERSION(9, 0)
-    if (pps->chroma_qp_offset_list_len_minus1 > FF_ARRAY_ELEMS(ppc->cb_qp_offset_list) ||
-        pps->chroma_qp_offset_list_len_minus1 > FF_ARRAY_ELEMS(ppc->cr_qp_offset_list)) {
+    if (pps->chroma_qp_offset_list_len_minus1 >= FF_ARRAY_ELEMS(ppc->cb_qp_offset_list) ||
+        pps->chroma_qp_offset_list_len_minus1 >= FF_ARRAY_ELEMS(ppc->cr_qp_offset_list)) {
         av_log(avctx, AV_LOG_ERROR, "Too many chroma_qp_offsets\n");
         return AVERROR(ENOSYS);
     }
-- 
2.34.1



More information about the ffmpeg-devel mailing list