ref: a408309589e909f759d7ecc7adf86d939fd2fc9f
parent: aee656d763cd9a6d1d1d4b248c8464cf8399bbb6
author: Janne Grunau <janne-vlc@jannau.net>
date: Wed Nov 28 16:08:05 EST 2018
obu/film grain: check ref frame frame_hdr before use Fixes NULL dereference with clusterfuzz-testcase-minimized-dav1d_fuzzer_mt-5649526686220288. Credits to oss-fuzz.
--- a/src/obu.c
+++ b/src/obu.c
@@ -1040,7 +1040,7 @@
for (i = 0; i < 7; i++)
if (hdr->refidx[i] == refidx)
break;
- if (i == 7) goto error;
+ if (i == 7 || !c->refs[refidx].p.p.frame_hdr) goto error;
hdr->film_grain.data = c->refs[refidx].p.p.frame_hdr->film_grain.data;
hdr->film_grain.data.seed = seed;
} else {
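Review bot: The added NULL test on `c->refs[refidx].p.p.frame_hdr` shares a condition with the `i == 7` lookup failure, and nothing at the check says why a reference slot can lack a header. A comment above it such as `/* the bitstream may name a ref slot that holds no decoded frame, so frame_hdr can be NULL */` would keep the guard from being dropped in a later cleanup; the wording should be confirmed against how `c->refs` is populated. `refidx` is also used directly as an index into `c->refs`, and its range is established outside this hunk, so it is worth confirming that it cannot exceed the array size. Other sites in the parser that read a reference's `frame_hdr` through a bitstream-chosen index may need the same check. The enclosing if/else block starts and ends outside the hunk.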