This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.0 in repository ffmpeg.
commit 127baed12766aaf6ef31a6d9f70805f88dc2766c Author: Michael Niedermayer <[email protected]> AuthorDate: Sun May 31 04:31:05 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 14 04:59:10 2026 +0200 avcodec/mwsc: do not dereference a missing reference frame Fixes: 493841393/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MWSC_fuzzer-5079884677578752 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit ba825ce85f9347c0eac3dfe9d8cf7ebde6dcd86b) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/mwsc.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/libavcodec/mwsc.c b/libavcodec/mwsc.c index 0d4ee9791a..8976376d4f 100644 --- a/libavcodec/mwsc.c +++ b/libavcodec/mwsc.c @@ -65,6 +65,9 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext } else if (run == 255) { int pos = bytestream2_tell_p(pb); + if (!gbp) + return AVERROR_INVALIDDATA; + bytestream2_seek(gbp, pos, SEEK_SET); if (pos + width - w < fill) @@ -128,11 +131,16 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame, return ret; bytestream2_init(&gb, s->decomp_buf, zstream->total_out); - bytestream2_init(&gbp, s->prev_frame->data[0], avctx->height * s->prev_frame->linesize[0]); + if (s->prev_frame->data[0]) + bytestream2_init(&gbp, s->prev_frame->data[0], avctx->height * s->prev_frame->linesize[0]); bytestream2_init_writer(&pb, frame->data[0], avctx->height * frame->linesize[0]); - if (rle_uncompress(&gb, &pb, &gbp, avctx->width, avctx->height, avctx->width * 3, - frame->linesize[0], s->prev_frame->linesize[0])) + ret = rle_uncompress(&gb, &pb, s->prev_frame->data[0] ? &gbp : NULL, + avctx->width, avctx->height, avctx->width * 3, + frame->linesize[0], s->prev_frame->linesize[0]); + if (ret < 0) + return ret; + if (ret) frame->flags |= AV_FRAME_FLAG_KEY; else frame->flags &= ~AV_FRAME_FLAG_KEY; _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
