avcodec/cbs_h266_syntax_template: Check bit depth with range extension

Fixes: shift exponent 62 is too large for 32-bit type 'int' Fixes: 71020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-6444916325023744 Fixes: 71285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VVC_fuzzer-4761971281428480 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2024-09-19 22:32:36 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2024-09-24 15:37:16 +0200
commit: 9d25b9665edb45c31ad6dda9612fd6e63fc289f3 (patch)
tree: ae7ed3452f9f1463e67987fdf5ea14da9a74349c /libavcodec
parent: e9f588af9530e5e6f9422ffa0d8e8dc8f80a2ae1 (diff)
download: ffmpeg-9d25b9665edb45c31ad6dda9612fd6e63fc289f3.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/libavcodec/cbs_h266_syntax_template.c b/libavcodec/cbs_h266_syntax_template.c
index 0704da1d40..b4165b43b3 100644
--- a/libavcodec/cbs_h266_syntax_template.c
+++ b/libavcodec/cbs_h266_syntax_template.c
@@ -1645,6 +1645,8 @@ static int FUNC(sps)(CodedBitstreamContext *ctx, RWContext *rw,
         ub(7, sps_extension_7bits);
 
         if (current->sps_range_extension_flag) {
+            if (current->sps_bitdepth_minus8 <= 10 - 8)
+                return AVERROR_INVALIDDATA;
             CHECK(FUNC(sps_range_extension)(ctx, rw, current));
         } else {
             infer(sps_extended_precision_flag, 0);
author	Michael Niedermayer <michael@niedermayer.cc>	2024-09-19 22:32:36 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2024-09-24 15:37:16 +0200
commit	9d25b9665edb45c31ad6dda9612fd6e63fc289f3 (patch)
tree	ae7ed3452f9f1463e67987fdf5ea14da9a74349c /libavcodec
parent	e9f588af9530e5e6f9422ffa0d8e8dc8f80a2ae1 (diff)
download	ffmpeg-9d25b9665edb45c31ad6dda9612fd6e63fc289f3.tar.gz