This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit 56572699eb6944f747a0972b53e1d0106ff7a239 Author: Michael Niedermayer <[email protected]> AuthorDate: Thu May 28 18:41:13 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 04:59:05 2026 +0200 avcodec/apv_decode: avoid using apv_cbc Fixes: out of array access Fixes: evil.apv Found-by: Claude (Anthropic). Human-verified and reported by Omkhar Arasaratnam <[email protected]>. on 05-20 Found-by: Anthropic agents; validated and reported by Ada Logics. on 05-26 Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 7a2424eb43e6bc04b5ba6a280fe3a05f8fd539b7) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/apv_decode.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/libavcodec/apv_decode.c b/libavcodec/apv_decode.c index dd8a07e24f..1ddc0d8e5d 100644 --- a/libavcodec/apv_decode.c +++ b/libavcodec/apv_decode.c @@ -193,14 +193,13 @@ static int apv_decode_tile_component(AVCodecContext *avctx, void *data, { APVRawFrame *input = data; APVDecodeContext *apv = avctx->priv_data; - const CodedBitstreamAPVContext *apv_cbc = apv->cbc->priv_data; const APVDerivedTileInfo *tile_info = &apv->tile_info; - - int tile_index = job / apv_cbc->num_comp; - int comp_index = job % apv_cbc->num_comp; - const AVPixFmtDescriptor *pix_fmt_desc = av_pix_fmt_desc_get(avctx->pix_fmt); + int nb_components = pix_fmt_desc->nb_components; + + int tile_index = job / nb_components; + int comp_index = job % nb_components; int sub_w_shift = comp_index == 0 ? 0 : pix_fmt_desc->log2_chroma_w; int sub_h_shift = comp_index == 0 ? 0 : pix_fmt_desc->log2_chroma_h; @@ -251,7 +250,7 @@ static int apv_decode_tile_component(AVCodecContext *avctx, void *data, int qp = tile->tile_header.tile_qp[comp_index]; int level_scale = apv_level_scale[qp % 6]; - bit_depth = apv_cbc->bit_depth; + bit_depth = input->frame_header.frame_info.bit_depth_minus8 + 8; qp_shift = qp / 6; for (int y = 0; y < 8; y++) { _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
