[FFmpeg-devel] [libav-devel] [PATCH] hevc: validate slice address length

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Fri Jul 10 20:17:49 CEST 2015


On 10.07.2015 20:01, Anton Khirnov wrote:
> Quoting Andreas Cadhalpun (2015-07-10 19:49:36)
>> It is used as get_bits argument and reading 0 bits doesn't make sense.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavcodec/hevc.c        | 6 ++++++
>>  libavcodec/hevc_parser.c | 6 ++++++
>>  2 files changed, 12 insertions(+)
>>
>> diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
>> index 38734f0..d47af16 100644
>> --- a/libavcodec/hevc.c
>> +++ b/libavcodec/hevc.c
>> @@ -459,6 +459,12 @@ static int hls_slice_header(HEVCContext *s)
>>  
>>          slice_address_length = av_ceil_log2(s->sps->ctb_width *
>>                                              s->sps->ctb_height);
>> +        if (slice_address_length <= 0) {
>> +            av_log(s->avctx, AV_LOG_ERROR,
>> +                   "Invalid slice address length: %d\n",
>> +                   slice_address_length);
>> +            return AVERROR_INVALIDDATA;
> 
> No, this is not invalid. Having a picture of 1x1 CTB is perfectly valid,
> then the spec mandates that slice_segment_addr is 0.

OK, then let's make that explicit. New patch attached.

> Does get_bits() really not just return 0 on trying to read 0 bits?

The comment for get_bits() says: 'Read 1-25 bits.'

Best regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-hevc-check-slice-address-length.patch
Type: text/x-diff
Size: 1998 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150710/722d5f6c/attachment.patch>


More information about the ffmpeg-devel mailing list