[FFmpeg-cvslog] avcodec/h264: Check *log2_weight_denom

Michael Niedermayer git at videolan.org
Tue Jan 6 19:35:32 CET 2015


ffmpeg | branch: release/2.3 | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 18 03:16:39 2014 +0100| [730826275fcf4e4c8466f64ade029689f23702be] | committer: Michael Niedermayer

avcodec/h264: Check *log2_weight_denom

Fixes undefined behavior
Fixes: signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 61296d41e2de3b41304339e4631dd44c2e15f805)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=730826275fcf4e4c8466f64ade029689f23702be
---

 libavcodec/h264.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index ce9b799..34e520d 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -991,6 +991,16 @@ int ff_pred_weight_table(H264Context *h)
     h->luma_log2_weight_denom = get_ue_golomb(&h->gb);
     if (h->sps.chroma_format_idc)
         h->chroma_log2_weight_denom = get_ue_golomb(&h->gb);
+
+    if (h->luma_log2_weight_denom > 7U) {
+        av_log(h->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is out of range\n", h->luma_log2_weight_denom);
+        h->luma_log2_weight_denom = 0;
+    }
+    if (h->chroma_log2_weight_denom > 7U) {
+        av_log(h->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of range\n", h->chroma_log2_weight_denom);
+        h->chroma_log2_weight_denom = 0;
+    }
+
     luma_def   = 1 << h->luma_log2_weight_denom;
     chroma_def = 1 << h->chroma_log2_weight_denom;
 



More information about the ffmpeg-cvslog mailing list