[FFmpeg-devel] [PATCH 2/4] avcodec/hevc_parse: check the size of hvcC is at least 23

Tue Jun 13 10:37:16 EEST 2023

From: Zhao Zhili <zhilizhao at tencent.com>

The code after the check skip 21 bytes and then read two bytes.

Signed-off-by: Zhao Zhili <zhilizhao at tencent.com>
---
 libavcodec/hevc_parse.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/hevc_parse.c b/libavcodec/hevc_parse.c
index 1f3beed183..7bc28fd081 100644
--- a/libavcodec/hevc_parse.c
+++ b/libavcodec/hevc_parse.c
@@ -88,8 +88,10 @@ int ff_hevc_decode_extradata(const uint8_t *data, int size, HEVCParamSets *ps,
 
     /* data[0] == 1 is configurationVersion from 14496-15.
      * data[0] == 0 is for backward compatibility predates the standard.
+     *
+     * Minimum number of bytes of hvcC with 0 numOfArrays is 23.
      */
-    if (size > 3 && ((data[0] == 1) || (data[0] == 0 && (data[1] || data[2] > 1)))) {
+    if (size >= 23 && ((data[0] == 1) || (data[0] == 0 && (data[1] || data[2] > 1)))) {
         /* It seems the extradata is encoded as hvcC format. */
         int i, j, num_arrays, nal_len_size;
 
-- 
2.25.1

