[FFmpeg-cvslog] avcodec/h264_ps: More completely check the bit depths
Michael Niedermayer
git at videolan.org
Wed Feb 11 13:24:23 CET 2015
ffmpeg | branch: release/1.2 | Michael Niedermayer <michaelni at gmx.at> | Fri Feb 6 04:11:56 2015 +0100| [4ef5605fc91d5e01611dde6532f8b91742af3c60] | committer: Michael Niedermayer
avcodec/h264_ps: More completely check the bit depths
Fixes out of array read
Fixes: asan_static-oob_30328b6_719_cov_3325483287_H264_artifacts_motion.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 69aa79365c1e8e1cb597d33e77bf1062c2ef47d4)
Conflicts:
libavcodec/h264_ps.c
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4ef5605fc91d5e01611dde6532f8b91742af3c60
---
libavcodec/h264_ps.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
index 8638ce2..12a16c8 100644
--- a/libavcodec/h264_ps.c
+++ b/libavcodec/h264_ps.c
@@ -379,7 +379,9 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
}
sps->bit_depth_luma = get_ue_golomb(&h->gb) + 8;
sps->bit_depth_chroma = get_ue_golomb(&h->gb) + 8;
- if (sps->bit_depth_luma > 14U || sps->bit_depth_chroma > 14U || sps->bit_depth_luma != sps->bit_depth_chroma) {
+ if (sps->bit_depth_luma < 8 || sps->bit_depth_luma > 14 ||
+ sps->bit_depth_chroma < 8 || sps->bit_depth_chroma > 14 ||
+ sps->bit_depth_luma != sps->bit_depth_chroma) {
av_log(h->avctx, AV_LOG_ERROR, "illegal bit depth value (%d, %d)\n",
sps->bit_depth_luma, sps->bit_depth_chroma);
goto fail;
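Review bot: The rewritten `if` condition replaces the `> 14U` comparisons with explicit `< 8` and `> 14` tests, but neither the hunk nor the commit message says which input the old test let through. Since both fields are assigned `get_ue_golomb(&h->gb) + 8` just above, a value below 8 can only come from a negative or wrapped result of that call. A short comment stating the accepted range (8 to 14, with luma equal to chroma) and the case the lower bound catches would make the check easier to audit. It would also be more direct to range-check the `get_ue_golomb()` return value (0 to 6) before adding 8 and storing it in `sps`, so that the check does not depend on the type of `bit_depth_luma` and `bit_depth_chroma`, which is not visible in these lines.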