PR #23265 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23265 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23265.patch
Fixes: out of array access Fixes: evil.apv Found-by: Claude (Anthropic). Human-verified and reported by Omkhar Arasaratnam <[email protected]>. on 05-20 Found-by: Anthropic agents; validated and reported by Ada Logics. on 05-26 Signed-off-by: Michael Niedermayer <[email protected]> >From a56af32a0bc5f308d39bf1c9978f45e9f265fe6f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Thu, 28 May 2026 18:41:13 +0200 Subject: [PATCH] avcodec/apv_decode: avoid using apv_cbc Fixes: out of array access Fixes: evil.apv Found-by: Claude (Anthropic). Human-verified and reported by Omkhar Arasaratnam <[email protected]>. on 05-20 Found-by: Anthropic agents; validated and reported by Ada Logics. on 05-26 Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/apv_decode.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/libavcodec/apv_decode.c b/libavcodec/apv_decode.c index c0615ab410..c44d5d21ad 100644 --- a/libavcodec/apv_decode.c +++ b/libavcodec/apv_decode.c @@ -214,14 +214,13 @@ static int apv_decode_tile_component(AVCodecContext *avctx, void *data, { APVRawFrame *input = data; APVDecodeContext *apv = avctx->priv_data; - const CodedBitstreamAPVContext *apv_cbc = apv->cbc->priv_data; const APVDerivedTileInfo *tile_info = &apv->tile_info; - - int tile_index = job / apv_cbc->num_comp; - int comp_index = job % apv_cbc->num_comp; - const AVPixFmtDescriptor *pix_fmt_desc = av_pix_fmt_desc_get(apv->pix_fmt); + int nb_components = pix_fmt_desc->nb_components; + + int tile_index = job / nb_components; + int comp_index = job % nb_components; int sub_w_shift = comp_index == 0 ? 0 : pix_fmt_desc->log2_chroma_w; int sub_h_shift = comp_index == 0 ? 0 : pix_fmt_desc->log2_chroma_h; 
@@ -272,7 +271,7 @@ static int apv_decode_tile_component(AVCodecContext *avctx, void *data, int qp = tile->tile_header.tile_qp[comp_index]; int level_scale = apv_level_scale[qp % 6]; - bit_depth = apv_cbc->bit_depth; + bit_depth = input->frame_header.frame_info.bit_depth_minus8 + 8; qp_shift = qp / 6; for (int y = 0; y < 8; y++) { -- 2.52.0
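Review bot: In the first hunk (@@ -214,14 +214,13 @@), `job / nb_components` and `job % nb_components` only split the job number correctly if the code that sets the job count multiplies the tile count by the same value, and that call site is not part of this patch. Please confirm it also uses the component count of `apv->pix_fmt`, or pass the count through one shared field, because a larger multiplier there would let `tile_index` exceed the number of tiles. A one-line comment at `int nb_components = pix_fmt_desc->nb_components;` saying why the CBS context's `num_comp` is not used would also help, since the commit message does not explain it.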
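Review bot: In the second hunk (@@ -272,7 +271,7 @@), `bit_depth` now comes from `input->frame_header.frame_info.bit_depth_minus8` while the first hunk takes the component count from `apv->pix_fmt`, so the function reads two sources that are only consistent if the pixel format was derived from this same frame header. Consider taking the depth from the same descriptor, `pix_fmt_desc->comp[comp_index].depth`, or asserting that it equals `bit_depth_minus8 + 8`, so a header that disagrees with the chosen pixel format cannot reach the dequantization loop.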
