Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

videolan/dav1d
master @ 54706fc
40
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Memory Corruption: 19 prior fixes. Scrutinize any change in this area.
src/decode.c: most-fixed (7 issues). Treat as high-risk during review.
27 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Memory Corruption: Several critical buffer overflows, double-frees, and out-of-bounds writes occur during tile setup, segment ID handling, and context frame-exit reference management. Robust validation of tile indices, segment limits, and unconditional cleanups on early error paths are vital.
Memory Corruption: Out-of-bounds reads and writes frequently occur in vertical motion compensation filtering assembly when handling non-standard, odd-sized block dimensions (such as 2x6 and 4x6 sizes) due to inadequate loop-unrolling boundaries.
Integer Overflow: Parsing variable-length integers (LEB128/ULEB128) in the bitstream parser can trigger undefined behavior or overflows when left-shifting 32-bit values by 32 or more positions without strict width constraints.