[FFmpeg-cvslog] hevc: check that the VCL NAL types are the same for all slice segments of a frame
Anton Khirnov
git at videolan.org
Tue Feb 4 13:52:30 CET 2014
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Sun Feb 2 13:35:48 2014 +0100| [b25e84b7399bd91605596b67d761d3464dbe8a6e] | committer: Anton Khirnov
hevc: check that the VCL NAL types are the same for all slice segments of a frame
Fixes possible invalid memory access for mismatching skipped/non-skipped
slice segments.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Sample-Id: 00001533-google
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b25e84b7399bd91605596b67d761d3464dbe8a6e
---
libavcodec/hevc.c | 8 ++++++++
libavcodec/hevc.h | 2 ++
2 files changed, 10 insertions(+)
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index bc89b17..8d9324a 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -2471,6 +2471,7 @@ static int hevc_frame_start(HEVCContext *s)
lc->start_of_tiles_x = 0;
s->is_decoded = 0;
+ s->first_nal_type = s->nal_unit_type;
if (s->pps->tiles_enabled_flag)
lc->end_of_tiles_x = s->pps->column_width[0] << s->sps->log2_ctb_size;
@@ -2595,6 +2596,13 @@ static int decode_nal_unit(HEVCContext *s, const uint8_t *nal, int length)
return AVERROR_INVALIDDATA;
}
+ if (s->nal_unit_type != s->first_nal_type) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Non-matching NAL types of the VCL NALUs: %d %d\n",
+ s->first_nal_type, s->nal_unit_type);
+ return AVERROR_INVALIDDATA;
+ }
+
if (!s->sh.dependent_slice_segment_flag &&
s->sh.slice_type != I_SLICE) {
ret = ff_hevc_slice_rpl(s);
diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index a674899..accfcb6 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -840,6 +840,8 @@ typedef struct HEVCContext {
HEVCNAL *nals;
int nb_nals;
int nals_allocated;
+ // type of the first VCL NAL of the current frame
+ enum NALUnitType first_nal_type;
// for checking the frame checksums
struct AVMD5 *md5_ctx;
More information about the ffmpeg-cvslog
mailing list