[FFmpeg-cvslog] avcodec/hevc_sei: Check num_sps_ids_minus1 value

Michael Niedermayer git at videolan.org
Wed Jun 17 22:09:40 CEST 2015


ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Wed May 13 01:31:15 2015 +0200| [6d6acef9fb83e616d983700f824a13146c0c4a2f] | committer: Michael Niedermayer

avcodec/hevc_sei: Check num_sps_ids_minus1 value

Fixes CID1271794

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 93b0ee21a2f534f6d3b812686f3acde110e94f18)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6d6acef9fb83e616d983700f824a13146c0c4a2f
---

 libavcodec/hevc_sei.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/hevc_sei.c b/libavcodec/hevc_sei.c
index 216db37..ce9f254 100644
--- a/libavcodec/hevc_sei.c
+++ b/libavcodec/hevc_sei.c
@@ -111,6 +111,11 @@ static int active_parameter_sets(HEVCContext *s)
     get_bits(gb, 1); // num_sps_ids_minus1
     num_sps_ids_minus1 = get_ue_golomb_long(gb); // num_sps_ids_minus1
 
+    if (num_sps_ids_minus1 < 0 || num_sps_ids_minus1 > 15) {
+        av_log(s->avctx, AV_LOG_ERROR, "num_sps_ids_minus1 %d invalid\n", num_sps_ids_minus1);
+        return AVERROR_INVALIDDATA;
+    }
+
     active_seq_parameter_set_id = get_ue_golomb_long(gb);
     if (active_seq_parameter_set_id >= MAX_SPS_COUNT) {
         av_log(s->avctx, AV_LOG_ERROR, "active_parameter_set_id %d invalid\n", active_seq_parameter_set_id);



More information about the ffmpeg-cvslog mailing list