From a7a07cc98ac548297b5b0628cb81280e11952e3f Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Fri, 10 Jan 2014 21:32:04 +0100 Subject: [PATCH] hevc: check that VPS referenced from SPS exists This matches how its done for SPS/PPS. Fixes null pointer dereference. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Luca Barbato --- libavcodec/hevc_ps.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 372ce2896b..1ce8d2ebcb 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -633,6 +633,13 @@ int ff_hevc_decode_nal_sps(HEVCContext *s) goto err; } + if (!s->vps_list[sps->vps_id]) { + av_log(s->avctx, AV_LOG_ERROR, "VPS %d does not exist\n", + sps->vps_id); + ret = AVERROR_INVALIDDATA; + goto err; + } + sps->max_sub_layers = get_bits(gb, 3) + 1; if (sps->max_sub_layers > MAX_SUB_LAYERS) { av_log(s->avctx, AV_LOG_ERROR, "sps_max_sub_layers out of range: %d\n",