[FFmpeg-cvslog] avcodec/cbs_h2645: Fix potential out-of-bounds array access
Andreas Rheinhardt
git at videolan.org
Thu Jul 2 14:12:17 EEST 2020
ffmpeg | branch: release/4.0 | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Wed Sep 18 05:25:58 2019 +0200| [41fba5d5a0331573087a93ac7bbd5c28c547bc17] | committer: Andreas Rheinhardt
avcodec/cbs_h2645: Fix potential out-of-bounds array access
The maximum allowed index for an array access is FF_ARRAY_ELEMS - 1; yet
the current code allowed FF_ARRAY_ELEMS. This wasn't dangerous in practice,
as parameter sets with invalid ids were already filtered out during
reading.
Found via PVS-Studio (see ticket #8156).
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
(cherry picked from commit f3333c3c67e8825a4468120bb8aa0943c72c03f3)
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=41fba5d5a0331573087a93ac7bbd5c28c547bc17
---
libavcodec/cbs_h2645.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index c40430120b..580f47571c 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -666,7 +666,7 @@ static int cbs_h26 ## h26n ## _replace_ ## ps_var(CodedBitstreamContext *ctx, \
{ \
CodedBitstreamH26 ## h26n ## Context *priv = ctx->priv_data; \
unsigned int id = ps_var->id_element; \
- if (id > FF_ARRAY_ELEMS(priv->ps_var)) { \
+ if (id >= FF_ARRAY_ELEMS(priv->ps_var)) { \
av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid " #ps_name \
" id : %d.\n", id); \
return AVERROR_INVALIDDATA; \
More information about the ffmpeg-cvslog
mailing list