[FFmpeg-devel] [PR] avcodec/av1dec: fix null pointer dereference in LCEVC side data handling (PR #22680)

Wed, 01 Apr 2026 06:59:41 -0700 

PR #22680 opened by Zhao Zhili (quink)
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22680
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22680.patch

ff_frame_new_side_data() may set sd to NULL and return 0 when
side_data_pref() determines that existing side data should be
preferred.


>From ca8a8c242b631a3b36d66ee62d6fdcb104f13ca4 Mon Sep 17 00:00:00 2001
From: Zhao Zhili <[email protected]>
Date: Wed, 1 Apr 2026 21:05:59 +0800
Subject: [PATCH 1/2] avcodec/av1dec: fix null pointer dereference in LCEVC
 side data handling

ff_frame_new_side_data() may set sd to NULL and return 0 when
side_data_pref() determines that existing side data should be
preferred.

Signed-off-by: Zhao Zhili <[email protected]>
---
 libavcodec/av1dec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
index 1635cbea54..8a42a9cf60 100644
--- a/libavcodec/av1dec.c
+++ b/libavcodec/av1dec.c
@@ -1060,6 +1060,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
                                          bytestream2_get_bytes_left(&gb), &sd);
             if (ret < 0)
                 return ret;
+            if (!sd)
+                break;
 
             bytestream2_get_bufferu(&gb, sd->data, sd->size);
             break;
-- 
2.52.0


>From 042d2c69afebf67c85c7e3fb332655e2aed7a15f Mon Sep 17 00:00:00 2001
From: Zhao Zhili <[email protected]>
Date: Wed, 1 Apr 2026 21:07:21 +0800
Subject: [PATCH 2/2] avcodec/libdav1d: fix null pointer dereference in LCEVC
 side data handling

ff_frame_new_side_data() may set sd to NULL and return 0 when
side_data_pref() determines that existing side data should be
preferred.

Signed-off-by: Zhao Zhili <[email protected]>
---
 libavcodec/libdav1d.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/libdav1d.c b/libavcodec/libdav1d.c
index d9755a45b2..ae810b7abd 100644
--- a/libavcodec/libdav1d.c
+++ b/libavcodec/libdav1d.c
@@ -459,6 +459,8 @@ FF_ENABLE_DEPRECATION_WARNINGS
                                          bytestream2_get_bytes_left(&gb), &sd);
             if (res < 0)
                 return res;
+            if (!sd)
+                break;
 
             bytestream2_get_bufferu(&gb, sd->data, sd->size);
             break;
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to