[FFmpeg-devel] [PR] avcodec/h2645_sei: Initialize side data before deallocation (PR #23129)

Sun, 17 May 2026 08:05:30 -0700 

PR #23129 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23129
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23129.patch

Fixes: use after free
Fixes: poc_hvcc_modified.mp4

Found by: Jiale Yao
Signed-off-by: Michael Niedermayer <[email protected]>


>From 2336f1e86d0292ecd0edc566d5ed2938cfbeb1c5 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Sun, 17 May 2026 16:55:54 +0200
Subject: [PATCH] avcodec/h2645_sei: Initialize side data before deallocation

Fixes: use after free
Fixes: poc_hvcc_modified.mp4

Found by: Jiale Yao
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/h2645_sei.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/h2645_sei.c b/libavcodec/h2645_sei.c
index 638362fbf6..c9fb25b1da 100644
--- a/libavcodec/h2645_sei.c
+++ b/libavcodec/h2645_sei.c
@@ -629,15 +629,15 @@ static int h2645_sei_to_side_data(AVCodecContext *avctx, 
H2645SEI *sei,
             return AVERROR(ENOMEM);
         }
 
+        dst_env->ambient_illuminance = av_make_q(env->ambient_illuminance, 
10000);
+        dst_env->ambient_light_x     = av_make_q(env->ambient_light_x,     
50000);
+        dst_env->ambient_light_y     = av_make_q(env->ambient_light_y,     
50000);
+
         ret = ff_frame_new_side_data_from_buf_ext(avctx, sd, nb_sd,
                                                   
AV_FRAME_DATA_AMBIENT_VIEWING_ENVIRONMENT, &buf);
 
         if (ret < 0)
             return ret;
-
-        dst_env->ambient_illuminance = av_make_q(env->ambient_illuminance, 
10000);
-        dst_env->ambient_light_x     = av_make_q(env->ambient_light_x,     
50000);
-        dst_env->ambient_light_y     = av_make_q(env->ambient_light_y,     
50000);
     }
 
     if (sei->mastering_display.present) {
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to