[FFmpeg-devel] [PATCH 1/2] avcodec/cbs_av1_syntax_template: Set seen_frame_header only after successfull uncompressed_header()

Michael Niedermayer michael at niedermayer.cc
Sat Dec 14 19:43:24 EET 2019


Fixes: assertion failure
Fixes: 19301/clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_FRAME_MERGE_fuzzer-5743212006473728

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/cbs_av1_syntax_template.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/cbs_av1_syntax_template.c b/libavcodec/cbs_av1_syntax_template.c
index 523f9359e4..01c180e4af 100644
--- a/libavcodec/cbs_av1_syntax_template.c
+++ b/libavcodec/cbs_av1_syntax_template.c
@@ -1601,8 +1601,6 @@ static int FUNC(frame_header_obu)(CodedBitstreamContext *ctx, RWContext *rw,
         else
             HEADER("Frame Header");
 
-        priv->seen_frame_header = 1;
-
 #ifdef READ
         start_pos = get_bits_count(rw);
 #else
@@ -1611,6 +1609,8 @@ static int FUNC(frame_header_obu)(CodedBitstreamContext *ctx, RWContext *rw,
 
         CHECK(FUNC(uncompressed_header)(ctx, rw, current));
 
+        priv->seen_frame_header = 1;
+
         if (current->show_existing_frame) {
             priv->seen_frame_header = 0;
         } else {
-- 
2.24.0



More information about the ffmpeg-devel mailing list