HEVC Decoder OOB Read

Question

HEVC Decoder OOB Read

3331 opened this issue 5 months ago · 1 comments

There is an out of bounds read bug in the HEVC decoder that some times causes artifacts to be rendered while watching HEVC content, I tracked it down to these 2 lines:

https://github.com/elFarto/nvidia-vaapi-driver/blob/master/src/hevc.c#L291
https://github.com/elFarto/nvidia-vaapi-driver/blob/master/src/hevc.c#L296

            if (i < 2)
                ppc->ScalingList32x32[i][j] = iq->ScalingList32x32[i * 3][pos];
        }

        ppc->ScalingListDCCoeff16x16[i] = iq->ScalingListDC16x16[i];
        if (i < 2)
            ppc->ScalingListDCCoeff32x32[i] = iq->ScalingListDC32x32[i * 3];

It should be and fixes rendering issues afaict:

            if (i < 2)
                ppc->ScalingList32x32[i][j] = iq->ScalingList32x32[i][pos];
        }

        ppc->ScalingListDCCoeff16x16[i] = iq->ScalingListDC16x16[i];
        if (i < 2)
            ppc->ScalingListDCCoeff32x32[i] = iq->ScalingListDC32x32[i];

Answer 1 · 2024-05-08T06:39:09.000Z

Thanks for pointing those out, I've applied the fix in master.