PR #21752 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21752 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21752.patch
Fixes: applying non-zero offset 16 to null pointer Fixes: 471614378/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5967030642868224 Note: FF_PTR_ADD() does not work as this code has NULL + 123 cases where the pointer is unused afterwards Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From c1c24d8077fe6e8c9e046ea93e9bfe01aed6001b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sat, 14 Feb 2026 01:23:34 +0100 Subject: [PATCH] avcodec/snowenc: avoid NULL ptr arithmetic Fixes: applying non-zero offset 16 to null pointer Fixes: 471614378/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SNOW_fuzzer-5967030642868224 Note: FF_PTR_ADD() does not work as this code has NULL + 123 cases where the pointer is unused afterwards Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/snowenc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/snowenc.c b/libavcodec/snowenc.c index 20a41f11a4..8d28c48b00 100644 --- a/libavcodec/snowenc.c +++ b/libavcodec/snowenc.c 
@@ -397,9 +397,10 @@ static int encode_q_branch(SnowEncContext *enc, int level, int x, int y) int l,cr,cb; const int stride= s->current_picture->linesize[0]; const int uvstride= s->current_picture->linesize[1]; +#define PTR_ADD(ptr, off) ((ptr) ? (ptr) + (off) : NULL) const uint8_t *const current_data[3] = { s->input_picture->data[0] + (x + y* stride)*block_w, - s->input_picture->data[1] + ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift), - s->input_picture->data[2] + ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift)}; + PTR_ADD(s->input_picture->data[1], ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift)), + PTR_ADD(s->input_picture->data[2], ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift))}; int P[10][2]; int16_t last_mv[3][2]; int qpel= !!(s->avctx->flags & AV_CODEC_FLAG_QPEL); //unused -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
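Review bot: PTR_ADD is #defined in the middle of the declarations of encode_q_branch() and the visible hunk has no matching #undef, so the macro remains defined for everything that follows in snowenc.c. Add an "#undef PTR_ADD" right after the current_data initializer, or move the definition to file scope with a short comment on why FF_PTR_ADD() is not suitable here; that reasoning currently lives only in the commit message. The chroma offset ((x*block_w)>>s->chroma_h_shift) + ((y*uvstride*block_w)>>s->chroma_v_shift) is now written out twice inside macro arguments, and computing it once into a local const would make the initializer easier to read and keep the two planes from drifting apart. Since current_data[1] and current_data[2] can now be NULL, it would also help to state in a comment that the later users of these entries do not dereference them in that case, as this cannot be confirmed from the hunk alone.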
