Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

darkskygit/libaom
master @ dee179d
115
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Memory Corruption: 41 prior fixes. Scrutinize any change in this area.
av1/decoder/detokenize.c: most-fixed (7 issues). Treat as high-risk during review.
52 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Memory Corruption: The AV1 and VP9 detokenizers suffer from frequent out-of-bounds token map indexing, context mismatches, and incorrect block size computations, leading to severe memory corruption during coefficient parsing.
Integer Overflow: Signed integer overflows and undefined behaviors occur inside the motion estimation and warp filter code when multiplying unsigned variables by negative integers or executing bitwise shift operations without casting.
Out-of-bounds Read: Insufficient remaining data or length field checks when parsing Annex B temporal delimiters, frame units, and OBUs cause the decoder to read past the end of input buffers.