[FFmpeg-cvslog] avcodec/hevc: Check offset_len

Michael Niedermayer git at videolan.org
Wed Jun 17 22:09:40 CEST 2015


ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Wed May 13 13:13:07 2015 +0200| [eed8ccd9eb3eb37e7ba09c5fb921f7db76d305ae] | committer: Michael Niedermayer

avcodec/hevc: Check offset_len

Fixes CID1239099 part 1

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 3e9d5e16ad9799f6b6faae4f21120d23146b84c9)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eed8ccd9eb3eb37e7ba09c5fb921f7db76d305ae
---

 libavcodec/hevc.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 2d81a3a..7b2bd15 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -649,6 +649,13 @@ static int hls_slice_header(HEVCContext *s)
             int offset_len = get_ue_golomb_long(gb) + 1;
             int segments = offset_len >> 4;
             int rest = (offset_len & 15);
+
+            if (offset_len < 1 || offset_len > 32) {
+                sh->num_entry_point_offsets = 0;
+                av_log(s->avctx, AV_LOG_ERROR, "offset_len %d is invalid\n", offset_len);
+                return AVERROR_INVALIDDATA;
+            }
+
             av_freep(&sh->entry_point_offset);
             av_freep(&sh->offset);
             av_freep(&sh->size);



More information about the ffmpeg-cvslog mailing list