RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/hevc: Check num_entry_point_offsets 

Fixes CID1239099 part 2

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2015-05-13 13:21:52 +02:00
parent 3e9d5e16ad
commit 1c6ae98d4a
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/hevc.c
View File

@ -707,7 +707,14 @@ static int hls_slice_header(HEVCContext *s)
sh->num_entry_point_offsets = 0; sh->num_entry_point_offsets = 0;
if (s->pps->tiles_enabled_flag || s->pps->entropy_coding_sync_enabled_flag) { if (s->pps->tiles_enabled_flag || s->pps->entropy_coding_sync_enabled_flag) {
sh->num_entry_point_offsets = get_ue_golomb_long(gb); unsigned num_entry_point_offsets = get_ue_golomb_long(gb);
// It would be possible to bound this tighter but this here is simpler
if (sh->num_entry_point_offsets > get_bits_left(gb)) {
av_log(s->avctx, AV_LOG_ERROR, "num_entry_point_offsets %d is invalid\n", num_entry_point_offsets);
return AVERROR_INVALIDDATA;
}
sh->num_entry_point_offsets = num_entry_point_offsets;
if (sh->num_entry_point_offsets > 0) { if (sh->num_entry_point_offsets > 0) {
int offset_len = get_ue_golomb_long(gb) + 1; int offset_len = get_ue_golomb_long(gb) + 1;
int segments = offset_len >> 4; int segments = offset_len >> 4;