libde265

Fix out of bounds memory read in apply_sao_internal

Open sashashura opened this issue 2 years ago • 0 comments

This PR fixes an out-of-bounds memory read in apply_sao_internal revealed by fuzzing kimageformats: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31485

There are two issues:

  1. saoOffsetVal is defined as int8_t saoOffsetVal[3][4]. When bandIdx is larger than 4, it leads to an out-of-bounds memory read.
  2. bandTable is defined as int bandTable[32]. When in_img[xC+i+(yC+j)*in_stride]>>bandShift results in a value > 31, it leads to an out-of-bounds memory read.

sashashura avatar Jul 12 '22 20:07 sashashura
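The PR above names two table lookups whose indices come from bitstream-controlled data. The following is an added illustration, not libde265's code and not the diff of this PR: a band-offset lookup that mirrors the two table shapes quoted in the description (int8_t saoOffsetVal[3][4] and int bandTable[32]) and refuses to touch either table when the derived index is out of range. The struct and function names (SaoBandParams, build_band_table, sao_band_sample) are assumptions for this example; the relation band = sample >> (bitDepth - 5) is the band split defined for HEVC sample adaptive offset.

```cpp
#include <cstdint>

// Constructed illustration (not libde265 code). Table shapes follow the PR text:
// int8_t saoOffsetVal[3][4] and int bandTable[32].
struct SaoBandParams {
    int8_t saoOffsetVal[3][4];   // one offset set per colour component (cIdx)
    int    bandTable[32];        // band -> 0 (no offset) or 1..4 (which offset applies)
};

// Builds the band table the way HEVC band offset describes it: the four bands
// starting at bandPosition (wrapping mod 32) select offsets 1..4, all others 0.
// Masking with 31 keeps a hostile bandPosition from indexing past the table.
static void build_band_table(SaoBandParams& p, int bandPosition)
{
    for (int k = 0; k < 32; k++) p.bandTable[k] = 0;
    for (int k = 0; k < 4; k++) p.bandTable[(k + bandPosition) & 31] = k + 1;
}

// Applies the band offset to one sample. Returns true and writes *out when every
// index is in range; returns false (leaving *out untouched) when either the band
// index or the offset index would read past its table, which is exactly the
// failure mode described in the PR.
static bool sao_band_sample(const SaoBandParams& p, int cIdx, int sample,
                            int bitDepth, int* out)
{
    if (cIdx < 0 || cIdx >= 3) return false;
    // A sample outside the declared bit depth cannot be banded safely.
    if (bitDepth < 5 || sample < 0 || sample >= (1 << bitDepth)) return false;

    // HEVC splits the sample range into 32 equal bands.
    const int bandShift = bitDepth - 5;
    const int band = sample >> bandShift;
    if (band < 0 || band >= 32) return false;            // guards bandTable[32]

    const int bandIdx = p.bandTable[band];
    if (bandIdx == 0) { *out = sample; return true; }   // band carries no offset
    if (bandIdx < 1 || bandIdx > 4) return false;        // guards saoOffsetVal[cIdx][4]

    int v = sample + p.saoOffsetVal[cIdx][bandIdx - 1];

    // Clip back into the sample range, as the SAO stage must.
    const int maxVal = (1 << bitDepth) - 1;
    if (v < 0) v = 0; else if (v > maxVal) v = maxVal;
    *out = v;
    return true;
}
```

The point of the two early returns is that the caller learns the data was malformed instead of the decoder silently reading whatever byte sits after the table; a real decoder would treat a false return as a decode error for the CTB rather than continue.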