From d866f49791c11f730ce3d277b16524220ca74f6d Mon Sep 17 00:00:00 2001
From: Frank Plowman <post@frankplowman.com>
Date: Mon, 3 Jun 2024 14:06:35 +0100
Subject: [PATCH] lavc/vvc: Reallocate pixel buffers if pixel shift changes

Allocations in the following lines depend on the pixel shift, and so
these buffers must be reallocated if the pixel shift changes.  Patch
fixes segmentation faults in fuzzed bitstreams.

Signed-off-by: Frank Plowman <post@frankplowman.com>
---
 libavcodec/vvc/dec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/vvc/dec.c b/libavcodec/vvc/dec.c
index e53ad4e607..f5603306f3 100644
--- a/libavcodec/vvc/dec.c
+++ b/libavcodec/vvc/dec.c
@@ -214,7 +214,8 @@ static void pixel_buffer_nz_tl_init(TabList *l, VVCFrameContext *fc)
     const int c_end      = chroma_idc ? VVC_MAX_SAMPLE_ARRAYS : 1;
     const int changed    = fc->tab.sz.chroma_format_idc != chroma_idc ||
         fc->tab.sz.width != width || fc->tab.sz.height != height ||
-        fc->tab.sz.ctu_width != ctu_width || fc->tab.sz.ctu_height != ctu_height;
+        fc->tab.sz.ctu_width != ctu_width || fc->tab.sz.ctu_height != ctu_height ||
+        fc->tab.sz.pixel_shift != ps;
 
     tl_init(l, 0, changed);