PR #23610 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23610
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23610.patch


>From bbad4e19ff4508ce52f9f416f8355dde9f20a6b6 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Fri, 26 Jun 2026 20:58:49 +0200
Subject: [PATCH 1/3] avcodec: Align bayer pixel formats to 2x2

Fixes: out of array access with odd dimensioned bayer
Fixes: fa6F4c0xA8el
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/utils.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/libavcodec/utils.c b/libavcodec/utils.c
index 550d818572..256fb4ed39 100644
--- a/libavcodec/utils.c
+++ b/libavcodec/utils.c
@@ -315,6 +315,21 @@ void avcodec_align_dimensions2(AVCodecContext *s, int 
*width, int *height,
             h_align = 8;
         }
         break;
+    case AV_PIX_FMT_BAYER_BGGR8:
+    case AV_PIX_FMT_BAYER_RGGB8:
+    case AV_PIX_FMT_BAYER_GBRG8:
+    case AV_PIX_FMT_BAYER_GRBG8:
+    case AV_PIX_FMT_BAYER_BGGR16LE:
+    case AV_PIX_FMT_BAYER_BGGR16BE:
+    case AV_PIX_FMT_BAYER_RGGB16LE:
+    case AV_PIX_FMT_BAYER_RGGB16BE:
+    case AV_PIX_FMT_BAYER_GBRG16LE:
+    case AV_PIX_FMT_BAYER_GBRG16BE:
+    case AV_PIX_FMT_BAYER_GRBG16LE:
+    case AV_PIX_FMT_BAYER_GRBG16BE:
+        w_align = FFMAX(w_align, 2);
+        h_align = FFMAX(h_align, 2);
+        break;
     default:
         break;
     }
-- 
2.52.0


>From a23ad40bce779f2b3b799dc0868b9e3dc734a707 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Fri, 26 Jun 2026 20:58:49 +0200
Subject: [PATCH 2/3] avcodec/ffv1dec: Reject bayer with unaligned slice
 coordinates

Bayer was introduced (4f509c9e43) with combined_version 0x4000A, so no real
bayer stream uses the old unaligned coordinates; reject it. Odd picture
dimensions remain valid and are handled by aligning the bayer allocation to
2x2.

Fixes: out of array write
Fixes: fa6F4c0xA8el
Fixes: 4f509c9e43 (ffv1dec: implement Bayer pixel format encoding)
Found-by: Anonymous
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/ffv1dec.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 6677e5c8b4..0c0689c81f 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -583,6 +583,12 @@ static int read_header(FFV1Context *f, RangeCoder *c)
     if (ret < 0)
         return ret;
 
+    if (f->bayer && f->combined_version <= 0x40002) {
+        av_log(f->avctx, AV_LOG_ERROR,
+               "Bayer requires aligned slice coordinates (combined_version > 
0x40002)\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     if (f->configured_pix_fmt != f->pix_fmt ||
         f->configured_width != f->width ||
         f->configured_height != f->height ||
-- 
2.52.0


>From deafebff037d0edb559275796ac16134c1a5b4fe Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Fri, 26 Jun 2026 20:58:49 +0200
Subject: [PATCH 3/3] avcodec/ffv1enc: Reject odd dimensions for bayer

Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/ffv1enc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/ffv1enc.c b/libavcodec/ffv1enc.c
index eb55d3ba32..e6b7506557 100644
--- a/libavcodec/ffv1enc.c
+++ b/libavcodec/ffv1enc.c
@@ -1016,6 +1016,11 @@ static av_cold int encode_init_internal(AVCodecContext 
*avctx)
     if (ret < 0)
         return ret;
 
+    if (s->bayer && (avctx->width & 1 || avctx->height & 1)) {
+        av_log(avctx, AV_LOG_ERROR, "bayer requires even dimensions\n");
+        return AVERROR(EINVAL);
+    }
+
     if (s->bits_per_raw_sample > (s->version > 3 ? 16 : 8) && !s->remap_mode) {
         if (s->ac == AC_GOLOMB_RICE) {
             av_log(avctx, AV_LOG_INFO,
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to