[FFmpeg-cvslog] avcodec/hevc: Check offset_len
Michael Niedermayer
git at videolan.org
Wed Jun 17 22:09:40 CEST 2015
ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Wed May 13 13:13:07 2015 +0200| [eed8ccd9eb3eb37e7ba09c5fb921f7db76d305ae] | committer: Michael Niedermayer
avcodec/hevc: Check offset_len
Fixes CID1239099 part 1
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 3e9d5e16ad9799f6b6faae4f21120d23146b84c9)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eed8ccd9eb3eb37e7ba09c5fb921f7db76d305ae
---
libavcodec/hevc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 2d81a3a..7b2bd15 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -649,6 +649,13 @@ static int hls_slice_header(HEVCContext *s)
int offset_len = get_ue_golomb_long(gb) + 1;
int segments = offset_len >> 4;
int rest = (offset_len & 15);
+
+ if (offset_len < 1 || offset_len > 32) {
+ sh->num_entry_point_offsets = 0;
+ av_log(s->avctx, AV_LOG_ERROR, "offset_len %d is invalid\n", offset_len);
+ return AVERROR_INVALIDDATA;
+ }
+
av_freep(&sh->entry_point_offset);
av_freep(&sh->offset);
av_freep(&sh->size);
More information about the ffmpeg-cvslog
mailing list