elFarto / nvidia-vaapi-driver

A VA-API implementation using NVIDIA's NVDEC

HEVC Decoder OOB Read #293

Closed 3331 closed 2 months ago

3331 commented 2 months ago

There is an out-of-bounds read bug in the HEVC decoder that sometimes causes artifacts to be rendered while watching HEVC content. I tracked it down to these 2 lines:

https://github.com/elFarto/nvidia-vaapi-driver/blob/master/src/hevc.c#L291
https://github.com/elFarto/nvidia-vaapi-driver/blob/master/src/hevc.c#L296

            if (i < 2)
                ppc->ScalingList32x32[i][j] = iq->ScalingList32x32[i * 3][pos];
        }

        ppc->ScalingListDCCoeff16x16[i] = iq->ScalingListDC16x16[i];
        if (i < 2)
            ppc->ScalingListDCCoeff32x32[i] = iq->ScalingListDC32x32[i * 3];

It should be the following, which fixes rendering issues afaict:

            if (i < 2)
                ppc->ScalingList32x32[i][j] = iq->ScalingList32x32[i][pos];
        }

        ppc->ScalingListDCCoeff16x16[i] = iq->ScalingListDC16x16[i];
        if (i < 2)
            ppc->ScalingListDCCoeff32x32[i] = iq->ScalingListDC32x32[i];

elFarto commented 2 months ago

Thanks for pointing those out, I've applied the fix in master.
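
An added example, not part of the thread or the project's code: a bounds-checked version of the 32x32 copy that rejects the `i * 3` index and accepts the fixed `i` index. The struct types, `copy_32x32`, `fill_sample` and the `stride` parameter are hypothetical stand-ins; the two-row array sizes are an assumption taken from what the fix implies, and the `pos` scan reordering from the original loop is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the 32x32 fields only; two-row dimensions are assumed. */
typedef struct {
    uint8_t ScalingList32x32[2][64];
    uint8_t ScalingListDC32x32[2];
} iq_src_t;
typedef struct {
    uint8_t ScalingList32x32[2][64];
    uint8_t ScalingListDCCoeff32x32[2];
} pic_dst_t;

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Copy the 32x32 lists, reading source row i * stride.
 * Returns 0 on success, or -1 (dst untouched) if any source row index
 * would fall outside the source array. */
int copy_32x32(pic_dst_t *dst, const iq_src_t *src, size_t stride)
{
    const size_t src_rows = ARRAY_LEN(src->ScalingList32x32);
    const size_t dst_rows = ARRAY_LEN(dst->ScalingList32x32);

    /* Validate every source index before touching memory. */
    for (size_t i = 0; i < dst_rows; i++)
        if (i * stride >= src_rows)
            return -1;
    for (size_t i = 0; i < dst_rows; i++) {
        memcpy(dst->ScalingList32x32[i], src->ScalingList32x32[i * stride], 64);
        dst->ScalingListDCCoeff32x32[i] = src->ScalingListDC32x32[i * stride];
    }
    return 0;
}

/* Constructed sample input: row r is filled with 0x10 + r, DC is 0xA0 + r. */
void fill_sample(iq_src_t *src)
{
    for (size_t r = 0; r < ARRAY_LEN(src->ScalingList32x32); r++) {
        memset(src->ScalingList32x32[r], (int)(0x10 + r), 64);
        src->ScalingListDC32x32[r] = (uint8_t)(0xA0 + r);
    }
}

int main(void)
{
    iq_src_t src;
    pic_dst_t dst = {0};
    fill_sample(&src);
    /* stride 3 is the issue's original index (i * 3); stride 1 is the fix. */
    return (copy_32x32(&dst, &src, 3) == -1 && copy_32x32(&dst, &src, 1) == 0) ? 0 : 1;
}
```

With `i * 3`, the second iteration asks for row 3 of a two-row array, which is the read the issue describes; the check turns that into an error return instead of a read past the buffer.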