From 7d4c38d58d01832498302a5fc224880f1bd8b494 Mon Sep 17 00:00:00 2001 From: Reinhard Tartler Date: Tue, 7 May 2013 07:25:10 +0200 Subject: [PATCH] h264: check for luma and chroma bit depth being equal The decoder assumes a single bit depth for all the planes while the specification allows different bit depths for luma and chroma. Avoid the possible problems described in CVE-2013-2277 Conflicts: libavcodec/h264.c --- libavcodec/h264.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 739b9d2e51..ae2cf23a64 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -3867,6 +3867,12 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){ if(avctx->has_b_frames < 2) avctx->has_b_frames= !s->low_delay; + if (h->sps.bit_depth_luma != h->sps.bit_depth_chroma) { + av_log_missing_feature(s->avctx, + "Different bit depth between chroma and luma", 1); + return AVERROR_PATCHWELCOME; + } + if (avctx->bits_per_raw_sample != h->sps.bit_depth_luma) { if (h->sps.bit_depth_luma >= 8 && h->sps.bit_depth_luma <= 10) { avctx->bits_per_raw_sample = h->sps.bit_depth_luma;