RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/cbs_h2645: Fix potential out-of-bounds array access 

The maximum allowed index for an array access is FF_ARRAY_ELEMS - 1; yet
the current code allowed FF_ARRAY_ELEMS. This wasn't dangerous in practice,
as parameter sets with invalid ids were already filtered out during
reading.

Found via PVS-Studio (see ticket #8156).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
(cherry picked from commit f3333c3c67)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2019-09-18 05:25:58 +02:00
parent 2bcf99b8fa
commit 41fba5d5a0
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/cbs_h2645.c
View File

@ -666,7 +666,7 @@ static int cbs_h26 ## h26n ## _replace_ ## ps_var(CodedBitstreamContext *ctx, \
{ \
CodedBitstreamH26 ## h26n ## Context *priv = ctx->priv_data; \
unsigned int id = ps_var->id_element; \
if (id > FF_ARRAY_ELEMS(priv->ps_var)) { \
if (id >= FF_ARRAY_ELEMS(priv->ps_var)) { \
av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid " #ps_name \
" id : %d.\n", id); \
return AVERROR_INVALIDDATA; \