[FFmpeg-cvslog] avcodec/hevc_ps: More completely check vps_num_layer_sets

Michael Niedermayer git at videolan.org
Tue Jun 2 00:50:10 CEST 2015


ffmpeg | branch: release/2.4 | Michael Niedermayer <michaelni at gmx.at> | Wed May 13 13:35:37 2015 +0200| [65b47dddcf3511a13dabefd05a09190183d89548] | committer: Michael Niedermayer

avcodec/hevc_ps: More completely check vps_num_layer_sets

Fixes CID1239052  part1

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 16c95b107365cdbfcde1945370b59fc7e17e0309)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=65b47dddcf3511a13dabefd05a09190183d89548
---

 libavcodec/hevc_ps.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index d7e78b1..45b92e1 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -424,7 +424,8 @@ int ff_hevc_decode_nal_vps(HEVCContext *s)
 
     vps->vps_max_layer_id   = get_bits(gb, 6);
     vps->vps_num_layer_sets = get_ue_golomb_long(gb) + 1;
-    if ((vps->vps_num_layer_sets - 1LL) * (vps->vps_max_layer_id + 1LL) > get_bits_left(gb)) {
+    if (vps->vps_num_layer_sets < 1 || vps->vps_num_layer_sets > 1024 ||
+        (vps->vps_num_layer_sets - 1LL) * (vps->vps_max_layer_id + 1LL) > get_bits_left(gb)) {
         av_log(s->avctx, AV_LOG_ERROR, "too many layer_id_included_flags\n");
         goto err;
     }
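Review bot: The bound 1024 in the new condition is a bare magic number; the H.265 specification limits vps_num_layer_sets_minus1 to the range 0..1023, so a named constant or a one-line comment stating that would make the check auditable. The existing message "too many layer_id_included_flags" is now also logged when `vps_num_layer_sets < 1` or `> 1024`, cases where the value itself is out of range (for example after the `+ 1` on the `get_ue_golomb_long(gb)` result wraps) rather than there being too few bits left; a distinct message for the range failure would make rejected streams easier to diagnose. Consider range-checking the value returned by `get_ue_golomb_long(gb)` before adding 1 and storing it, so the field never holds a wrapped value, even on the error path.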


