[FFmpeg-cvslog] avcodec/ff_h264_decode_sei: Check SEI size
Michael Niedermayer
git at videolan.org
Sun Jul 21 18:03:38 CEST 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Jul 21 16:38:47 2013 +0200| [45da7a0e8f271b32202424358393aa249a939028] | committer: Michael Niedermayer
avcodec/ff_h264_decode_sei: Check SEI size
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=45da7a0e8f271b32202424358393aa249a939028
---
libavcodec/h264_sei.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
index 3003080..5e4321f 100644
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -264,6 +264,11 @@ int ff_h264_decode_sei(H264Context *h){
if(h->avctx->debug&FF_DEBUG_STARTCODE)
av_log(h->avctx, AV_LOG_DEBUG, "SEI %d len:%d\n", type, size);
+ if (size > get_bits_left(&h->gb) / 8) {
+ av_log(h->avctx, AV_LOG_ERROR, "SEI truncated\n");
+ return AVERROR_INVALIDDATA;
+ }
+
switch(type){
case SEI_TYPE_PIC_TIMING: // Picture timing SEI
if(decode_picture_timing(h) < 0)
More information about the ffmpeg-cvslog
mailing list