ffmpeg | branch: release/2.4 | Michael Niedermayer <michae...@gmx.at> | Tue May 12 19:28:15 2015 +0200| [f30ab69b38324d156f0511c2c59a4f0d232c2b88] | committer: Michael Niedermayer
avformat/hevc: Check num_negative_pics and num_positive_pics Fixes CID1238994 Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit b62b3292d8e25d3240e462c1b1cd8ac69195c46b) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f30ab69b38324d156f0511c2c59a4f0d232c2b88 --- libavformat/hevc.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/hevc.c b/libavformat/hevc.c index 8ef3c1f..c92e9eb 100644 --- a/libavformat/hevc.c +++ b/libavformat/hevc.c @@ -462,6 +462,9 @@ static int parse_rps(GetBitContext *gb, unsigned int rps_idx, unsigned int num_negative_pics = get_ue_golomb_long(gb); unsigned int num_positive_pics = get_ue_golomb_long(gb); + if ((num_positive_pics + (uint64_t)num_negative_pics) * 2 > get_bits_left(gb)) + return AVERROR_INVALIDDATA; + num_delta_pocs[rps_idx] = num_negative_pics + num_positive_pics; for (i = 0; i < num_negative_pics; i++) { _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
