avcodec/idctdsp: Transmit studio_profile to init instead of using AVC…
…odecContext profile

These 2 fields are not always the same, it is simpler to always use the same field
for detecting studio profile

Fixes: null pointer dereference
Fixes: ffmpeg_crash_3.avi

Found-by: Thuan Pham <thuanpv@comp.nus.edu.sg>, Marcel Böhme, Andrew Santosa and Alexandru RazvanCaciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
michaelni committed May 30, 2018
1 parent 1aa5192 commit b3332a1
Showing 3 changed files with 5 additions and 1 deletion.
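--- a/libavcodec/idctdsp.c
+++ b/libavcodec/idctdsp.c
@@ -258,7 +258,7 @@ av_cold void ff_idctdsp_init(IDCTDSPContext *c, AVCodecContext *avctx)
 if (avctx->bits_per_raw_sample == 10 || avctx->bits_per_raw_sample == 9) {
 /* 10-bit MPEG-4 Simple Studio Profile requires a higher precision IDCT
 However, it only uses idct_put */
-if (avctx->codec_id == AV_CODEC_ID_MPEG4 && avctx->profile == FF_PROFILE_MPEG4_SIMPLE_STUDIO)
+if (c->mpeg4_studio_profile)
 c->idct_put = ff_simple_idct_put_int32_10bit;
 else {
 c->idct_put = ff_simple_idct_put_int16_10bit;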
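Review bot: In the studio-profile branch only `idct_put` is assigned, so going by the comment above it, `idct_add` and `idct` are presumably left unset on this path, and nothing at the `if (c->mpeg4_studio_profile)` test says so. The fix therefore depends on every consumer of the context testing the same flag before it calls either pointer. A short comment on the branch would make that contract visible, e.g. `/* studio profile: only idct_put is set; idct_add and idct must not be called */`. The `else` block and the rest of ff_idctdsp_init() continue outside the hunk, so whether those pointers get a value elsewhere cannot be confirmed from here.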
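--- a/libavcodec/idctdsp.h
+++ b/libavcodec/idctdsp.h
@@ -95,6 +95,8 @@ typedef struct IDCTDSPContext {
 */
 uint8_t idct_permutation[64];
 enum idct_permutation_type perm_type;
+
+int mpeg4_studio_profile;
 } IDCTDSPContext;
 
 void ff_put_pixels_clamped_c(const int16_t *block, uint8_t *av_restrict pixels,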
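Review bot: `mpeg4_studio_profile` is declared without a comment, although the idctdsp.c section of this commit shows ff_idctdsp_init() reading it as an input that the caller must have set beforehand. I would document that where the field is declared, e.g. `/* input: set before ff_idctdsp_init(); non-zero selects the 32-bit IDCT for MPEG-4 studio profile, must be 0 otherwise */`. The zero requirement is worth stating because the `codec_id` test was dropped from the condition, so a context that was not zero-initialised would select the int32 routine from an indeterminate value. Whether any caller allocates an IDCTDSPContext without zeroing it is not visible on this page.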
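--- a/libavcodec/mpegvideo.c
+++ b/libavcodec/mpegvideo.c
@@ -329,6 +329,8 @@ static av_cold int dct_init(MpegEncContext *s)
 
 av_cold void ff_mpv_idct_init(MpegEncContext *s)
 {
+if (s->codec_id == AV_CODEC_ID_MPEG4)
+s->idsp.mpeg4_studio_profile = s->studio_profile;
 ff_idctdsp_init(&s->idsp, s->avctx);
 
 /* load & permutate scantables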
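Review bot: The flag is copied only when `codec_id` is `AV_CODEC_ID_MPEG4`, so for every other codec ff_idctdsp_init() sees whatever `s->idsp.mpeg4_studio_profile` already held. Assigning it unconditionally removes that dependence on prior state: `s->idsp.mpeg4_studio_profile = s->codec_id == AV_CODEC_ID_MPEG4 && s->studio_profile;`. The value is also a snapshot taken at init time. If `s->studio_profile` can change after this call (not visible in this hunk), ff_mpv_idct_init() would have to run again, otherwise the selected `idct_put` and the block format can disagree, which is the kind of mismatch this commit is fixing. The function body continues past the end of the hunk.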

1 comment on commit b3332a1

@thuanpv

This is CVE-2018-12460
