[FFmpeg-cvslog] diracdec: check that block length is valid
Andreas Cadhalpun
git at videolan.org
Wed Jun 17 22:09:36 CEST 2015
ffmpeg | branch: release/2.2 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed May 6 15:34:53 2015 +0200| [d29153591299a05990d1319c4b76aa7d113ba292] | committer: Michael Niedermayer
diracdec: check that block length is valid
In init_planes p->xblen and p->yblen are set to:
p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
av_assert2(start_x < end_x && block_w > 0);
av_assert2(start_y < end_y && block_h > 0);
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 75fc81c8318505aa7946e05a9bee08d47241fc66)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d29153591299a05990d1319c4b76aa7d113ba292
---
libavcodec/diracdec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 5579dfb..1edeab9 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -894,6 +894,14 @@ static int dirac_unpack_prediction_parameters(DiracContext *s)
/*[DIRAC_STD] 11.2.4 motion_data_dimensions()
Calculated in function dirac_unpack_block_motion_data */
+ if (s->plane[0].xblen % (1 << s->chroma_x_shift) != 0 ||
+ s->plane[0].yblen % (1 << s->chroma_y_shift) != 0 ||
+ !s->plane[0].xblen || !s->plane[0].yblen) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "invalid x/y block length (%d/%d) for x/y chroma shift (%d/%d)\n",
+ s->plane[0].xblen, s->plane[0].yblen, s->chroma_x_shift, s->chroma_y_shift);
+ return AVERROR_INVALIDDATA;
+ }
if (!s->plane[0].xbsep || !s->plane[0].ybsep || s->plane[0].xbsep < s->plane[0].xblen/2 || s->plane[0].ybsep < s->plane[0].yblen/2) {
av_log(s->avctx, AV_LOG_ERROR, "Block separation too small\n");
return -1;
More information about the ffmpeg-cvslog
mailing list