

ref: 77bbf721e7fc6225258645ec4ef9f34b0464867f
parent: a90a691dd263b947bd937f6049c35246df06fadc
author: Janne Grunau <janne-vlc@jannau.net>
date: Mon Nov 26 07:35:59 EST 2018

obu: error out on missing frame_hdrs in ref frames with frame_ref_short_signaling

Fixes a NULL dereference with
clusterfuzz-testcase-minimized-dav1d_fuzzer-5724731362246656. Credits to
oss-fuzz.

--- a/src/obu.c
+++ b/src/obu.c
@@ -458,11 +458,13 @@
 
             int shifted_frame_offset[8];
             const int current_frame_offset = 1 << (seqhdr->order_hint_n_bits - 1);
-            for (int i = 0; i < 8; i++)
+            for (int i = 0; i < 8; i++) {
+                if (!c->refs[i].p.p.frame_hdr) goto error;
                 shifted_frame_offset[i] = current_frame_offset +
                     get_poc_diff(seqhdr->order_hint_n_bits,
                                  c->refs[i].p.p.frame_hdr->frame_offset,
                                  hdr->frame_offset);
+            }
 
             int used_frame[8] = { 0 };
             used_frame[hdr->refidx[0]] = 1;
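Review bot: The new guard on the loop's first line only checks that a reference slot holds a frame header, not that the header was parsed under the same sequence header as `hdr`; after a mid-stream sequence-header change with a different `order_hint_n_bits`, the `frame_offset` passed to `get_poc_diff` was written with a different bit width, so unless ref slots are invalidated on sequence-header change elsewhere (not visible here) the computed offsets can still be wrong. The guard also deserves a why-comment so the next reader does not "optimize" it away, e.g. `// slot never filled (stream starts on a non-key frame, or a key frame did not refresh it); short signaling needs every slot valid`. The `error` label and the enclosing function start and end outside the hunk, so what `goto error` releases cannot be checked from here.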