It is used as get_bits argument and reading 0 bits doesn't make sense.
Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com>
---
 libavcodec/hevc.c | 6 ++++++
 libavcodec/hevc_parser.c | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 38734f0..d47af16 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -459,6 +459,12 @@ static int hls_slice_header(HEVCContext *s)
 slice_address_length = av_ceil_log2(s->sps->ctb_width * s->sps->ctb_height);
+ if (slice_address_length <= 0) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Invalid slice address length: %d\n",
+ slice_address_length);
+ return AVERROR_INVALIDDATA;
+ }
 sh->slice_segment_addr = get_bits(gb, slice_address_length);
 if (sh->slice_segment_addr >= s->sps->ctb_width * s->sps->ctb_height) {
 av_log(s->avctx, AV_LOG_ERROR,
diff --git a/libavcodec/hevc_parser.c b/libavcodec/hevc_parser.c
index 3c7c3c3..3025e4d 100644
--- a/libavcodec/hevc_parser.c
+++ b/libavcodec/hevc_parser.c
@@ -200,6 +200,12 @@ static inline int parse_nal_units(AVCodecParserContext *s, AVCodecContext *avctx
 slice_address_length = av_ceil_log2_c(h->sps->ctb_width * h->sps->ctb_height);
+ if (slice_address_length <= 0) {
+ av_log(h->avctx, AV_LOG_ERROR,
+ "Invalid slice address length: %d\n",
+ slice_address_length);
+ return AVERROR_INVALIDDATA;
+ }
 sh->slice_segment_addr = get_bits(gb, slice_address_length);
 if (sh->slice_segment_addr >= h->sps->ctb_width * h->sps->ctb_height) {
 av_log(h->avctx, AV_LOG_ERROR, "Invalid slice segment address: %u.\n",
-- 2.1.4
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
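Review bot: The guard added in hls_slice_header bounds slice_address_length only from below, while the value is still derived from the plain int product `s->sps->ctb_width * s->sps->ctb_height` taken from the bitstream's SPS. It is worth confirming that SPS parsing caps both dimensions so that the product cannot overflow and the length stays inside the 1–25 bit range get_bits() is documented for; the same applies to the parse_nal_units hunk in hevc_parser.c. If that is guaranteed elsewhere, a short comment above the check would record why zero is reachable at all, for example `/* a single-CTB picture gives av_ceil_log2(1) == 0; get_bits() needs at least 1 bit */`. The function body starts and ends outside the hunk, so the SPS validation is not visible here.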
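Review bot: The six-line guard in parse_nal_units is a verbatim copy of the one added to hls_slice_header, differing only in `h` versus `s`, so the decoder and the parser can silently diverge if one copy is later tightened. Since both paths parse the same slice-header field from untrusted input, a shared static inline helper that computes and validates the slice address length would keep the two in step. If the duplication is kept, a comment such as `/* keep in sync with hls_slice_header() in hevc.c */` at this site would at least flag the coupling. The function body extends beyond the hunk on both sides.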