Highlights
Memory Corruption: 19 prior fixes. Scrutinize any change in this area.
src/decode.c: most-fixed (7 issues). Treat as high-risk during review.
27 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Memory Corruption: Several critical buffer overflows, double-frees, and out-of-bounds writes occur during tile setup, segment ID handling, and context frame-exit reference management. Robust validation of tile indices, segment limits, and unconditional cleanups on early error paths are vital.
Memory Corruption: Out-of-bounds reads and writes frequently occur in vertical motion compensation filtering assembly when handling non-standard, odd-sized block dimensions (such as 2x6 and 4x6 sizes) due to inadequate loop-unrolling boundaries.
Integer Overflow: Parsing variable-length integers (LEB128/ULEB128) in the bitstream parser can trigger undefined behavior or overflows when left-shifting 32-bit values by 32 or more positions without strict width constraints.