This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/6.1 in repository ffmpeg.
commit 4afb4ab1699a7f7d84a32151d87e1d7b56d6450a Author: Michael Niedermayer <[email protected]> AuthorDate: Sat Feb 14 01:23:34 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon May 4 17:13:25 2026 +0200 avcodec/snowenc: avoid NULL ptr arithmetic Fixes: applying non-zero offset 16 to null pointer Fixes: 471614378/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5967030642868224 Note: FF_PTR_ADD() does not work as this code has NULL + 123 cases where the pointer is unsused afterwards Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit cbbe68fb1a60ce27c38e89733fc9b0003814997e) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/snowenc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libavcodec/snowenc.c b/libavcodec/snowenc.c index 525fbd1af2..f43c45705a 100644 --- a/libavcodec/snowenc.c +++ b/libavcodec/snowenc.c @@ -68,6 +68,8 @@ typedef struct SnowEncContext { uint64_t encoding_error[SNOW_MAX_PLANES]; } SnowEncContext; +#define PTR_ADD(ptr, off) ((ptr) ? (ptr) + (off) : NULL) + static void init_ref(MotionEstContext *c, const uint8_t *const src[3], uint8_t *const ref[3], uint8_t *const ref2[3], int x, int y, int ref_index) @@ -80,7 +82,7 @@ static void init_ref(MotionEstContext *c, const uint8_t *const src[3], }; for (int i = 0; i < 3; i++) { c->src[0][i] = src [i]; - c->ref[0][i] = ref [i] + offset[i]; + c->ref[0][i] = PTR_ADD(ref[i], offset[i]); } av_assert2(!ref_index); } @@ -400,8 +402,8 @@ static int encode_q_branch(SnowEncContext *enc, int level, int x, int y) const int stride= s->current_picture->linesize[0]; const int uvstride= s->current_picture->linesize[1]; const uint8_t *const current_data[3] = { s->input_picture->data[0] + (x + y* stride)*block_w, - s->input_picture->data[1] + ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift), - s->input_picture->data[2] + ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift)}; + PTR_ADD(s->input_picture->data[1], ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift)), + PTR_ADD(s->input_picture->data[2], ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift))}; int P[10][2]; int16_t last_mv[3][2]; int qpel= !!(s->avctx->flags & AV_CODEC_FLAG_QPEL); //unused _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
