[FFmpeg-cvslog] hevc: do generic validation of bitstream

Christophe Gisquet git at videolan.org
Mon Aug 11 03:06:14 CEST 2014


ffmpeg | branch: master | Christophe Gisquet <christophe.gisquet at gmail.com> | Sun Aug 10 19:22:06 2014 +0200| [5ec85c9750f0770383b781acd6362a8bebbf4db6] | committer: Michael Niedermayer

hevc: do generic validation of bitstream

After finishing parsing VPS/SPS/PPS/slice header, check remaining bits,
and if an overconsumption occurred, report invalid data.

Liked-by: BBB
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5ec85c9750f0770383b781acd6362a8bebbf4db6
---

 libavcodec/hevc.c    |    6 ++++++
 libavcodec/hevc_ps.c |   18 ++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 829b5d1..3170d84 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -740,6 +740,12 @@ static int hls_slice_header(HEVCContext *s)
         return AVERROR_INVALIDDATA;
     }
 
+    if (get_bits_left(gb) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Overread slice header by %d bits\n", -get_bits_left(gb));
+        return AVERROR_INVALIDDATA;
+    }
+
     s->HEVClc->first_qp_group = !s->sh.dependent_slice_segment_flag;
 
     if (!s->pps->cu_qp_delta_enabled_flag)
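Review bot: The new check runs only after the whole slice header has been parsed, so any field decoded from bits past the end of the NAL has already been written into `s->sh` by the time `AVERROR_INVALIDDATA` is returned, and may have been used earlier in hls_slice_header, which starts outside the hunk. It is a sound backstop for truncated or malformed input, but it does not replace per-field range checks; the same applies to the three checks added in libavcodec/hevc_ps.c. Unlike the VPS and PPS paths, which appear to commit a temporary buffer only after their check, this path leaves the context's slice header partially overwritten on failure, and whether every caller discards `s->sh` after an error is not visible here. I would document that above the `if`, for example `/* backstop only: fields above may hold bits read past the end; s->sh is not valid on this path */`.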
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index fe974bc..163c5e4 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -452,6 +452,12 @@ int ff_hevc_decode_nal_vps(HEVCContext *s)
     }
     get_bits1(gb); /* vps_extension_flag */
 
+    if (get_bits_left(gb) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Overread VPS by %d bits\n", -get_bits_left(gb));
+        goto err;
+    }
+
     av_buffer_unref(&s->vps_list[vps_id]);
     s->vps_list[vps_id] = vps_buf;
     return 0;
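Review bot: Placing the check before `av_buffer_unref(&s->vps_list[vps_id])` is what keeps an overread VPS from replacing a previously valid entry, but nothing in the code records that, so a later reordering could silently lose the property. I would add `/* must stay before the list update: an overread VPS is never committed */` above the `if`; the PPS hunk has the same ordering before `s->pps_list[pps_id] = pps_buf` and deserves the same comment. As a smaller point of style, `get_bits_left(gb)` is evaluated twice in each of the added blocks where one local value would serve both the test and the message. The `err` label is outside the hunk, so it is an assumption that it releases `vps_buf`.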
@@ -1050,6 +1056,12 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
         goto err;
     }
 
+    if (get_bits_left(gb) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Overread SPS by %d bits\n", -get_bits_left(gb));
+        goto err;
+    }
+
     if (s->avctx->debug & FF_DEBUG_BITSTREAM) {
         av_log(s->avctx, AV_LOG_DEBUG,
                "Parsed SPS: id %d; coded wxh: %dx%d; "
@@ -1473,6 +1485,12 @@ int ff_hevc_decode_nal_pps(HEVCContext *s)
         }
     }
 
+    if (get_bits_left(gb) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Overread PPS by %d bits\n", -get_bits_left(gb));
+        goto err;
+    }
+
     av_buffer_unref(&s->pps_list[pps_id]);
     s->pps_list[pps_id] = pps_buf;
 


