]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: efdb564)
avcodec/av1_metadata: don't store the inserted TD OBU in stack
authorJames Almer <jamrial@gmail.com>
Thu, 22 Apr 2021 16:15:03 +0000 (13:15 -0300)
committerJames Almer <jamrial@gmail.com>
Fri, 23 Apr 2021 20:21:13 +0000 (17:21 -0300)
Fixes: stack-use-after-return
Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904
Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624
Reviewed-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Signed-off-by: James Almer <jamrial@gmail.com>
libavcodec/av1_metadata_bsf.c patch | blob | history

diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c
index 328db5c0da2e8dd279303154819bcd634e309e30..1fb85d88b7e881b6e27ce987af04300fef3ea28d 100644 (file)
--- a/libavcodec/av1_metadata_bsf.c
+++ b/libavcodec/av1_metadata_bsf.c
@@ -28,6 +28,7 @@ typedef struct AV1MetadataContext {
     CBSBSFContext common;
 
     int td;
+    AV1RawOBU td_obu;
 
     int color_primaries;
     int transfer_characteristics;
@@ -107,12 +108,11 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
                                         CodedBitstreamFragment *frag)
 {
     AV1MetadataContext *ctx = bsf->priv_data;
-    AV1RawOBU td, *obu;
     int err, i;
 
     for (i = 0; i < frag->nb_units; i++) {
         if (frag->units[i].type == AV1_OBU_SEQUENCE_HEADER) {
-            obu = frag->units[i].content;
+            AV1RawOBU *obu = frag->units[i].content;
             err = av1_metadata_update_sequence_header(bsf, &obu->obu.sequence_header);
             if (err < 0)
                 return err;
@@ -124,12 +124,8 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
         if (ctx->td == BSF_ELEMENT_REMOVE)
             ff_cbs_delete_unit(frag, 0);
     } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) {
-        td = (AV1RawOBU) {
-            .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
-        };
-
         err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER,
-                                         &td, NULL);
+                                         &ctx->td_obu, NULL);
         if (err < 0) {
             av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n");
             return err;
@@ -155,6 +151,12 @@ static const CBSBSFType av1_metadata_type = {
 
 static int av1_metadata_init(AVBSFContext *bsf)
 {
+    AV1MetadataContext *ctx = bsf->priv_data;
+
+    ctx->td_obu = (AV1RawOBU) {
+        .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
+    };
+
     return ff_cbs_bsf_generic_init(bsf, &av1_metadata_type);
 }
 
Unnamed repository; edit this file 'description' to name the repository.