From: Matthieu Bouron <matthieu.bou...@stupeflix.com>
---
 libavcodec/hevc.h | 9 +++++++++
 libavcodec/hevc_ps.c | 27 +++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index be91010..6a3c750 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -387,6 +387,9 @@ typedef struct HEVCVPS {
 uint8_t vps_poc_proportional_to_timing_flag;
 int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + 1
 int vps_num_hrd_parameters;
+
+ uint8_t data[4096];
+ int data_size;
 } HEVCVPS;
 typedef struct ScalingList {
@@ -483,6 +486,9 @@ typedef struct HEVCSPS {
 int vshift[3];
 int qp_bd_offset;
+
+ uint8_t data[4096];
+ int data_size;
 } HEVCSPS;
 typedef struct HEVCPPS {
@@ -557,6 +563,9 @@ typedef struct HEVCPPS {
 int *tile_pos_rs; ///< TilePosRS
 int *min_tb_addr_zs; ///< MinTbAddrZS
 int *min_tb_addr_zs_tab;///< MinTbAddrZS
+
+ uint8_t data[4096];
+ int data_size;
 } HEVCPPS;
 typedef struct HEVCParamSets {
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 83f2ec2..629e454 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, AVCodecContext *avctx,
 av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
+ vps->data_size = gb->buffer_end - gb->buffer;
+ if (vps->data_size > sizeof(vps->data)) {
+ av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized VPS "
+ "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+ vps->data_size, sizeof(vps->data));
+ vps->data_size = sizeof(vps->data);
+ }
+ memcpy(vps->data, gb->buffer, vps->data_size);
+
 vps_id = get_bits(gb, 4);
 if (vps_id >= MAX_VPS_COUNT) {
 av_log(avctx, AV_LOG_ERROR, "VPS id out of range: %d\n", vps_id);
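Review bot: The new `data`/`data_size` members in HEVCVPS, and the identical pairs added to HEVCSPS and HEVCPPS, carry no comment, and the 4096 bound is repeated as a bare literal in all three structs. Neighbouring members in these hunks use `///<` comments; something like `uint8_t data[4096]; ///< bytes copied from the GetBitContext buffer, truncated to sizeof(data)` and `int data_size; ///< number of valid bytes in data` would state the contract the copies in hevc_ps.c rely on. A single named constant for the size would keep the three buffers from drifting apart. The struct definitions start outside the hunks.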
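Review bot: The warning in the VPS hunk passes `vps->data_size`, declared `int` in hevc.h, to a `%"SIZE_SPECIFIER"` conversion that expects `size_t`; that is a mismatched variadic argument and undefined behaviour wherever the two types differ in width. The same lines are repeated in the SPS and PPS hunks. Casting at the call, `(size_t)vps->data_size, sizeof(vps->data));`, matches the conversion. Separately, `gb->buffer_end - gb->buffer` is narrowed to `int` before it is checked, and the comparison against `sizeof` is unsigned, so a negative or wrapped value takes the clamp branch and `memcpy` then reads `sizeof(vps->data)` bytes from `gb->buffer`; holding the difference in a `ptrdiff_t` local and assigning `data_size` only after the bound check would avoid that. The function body starts and ends outside the hunk.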
@@ -1184,6 +1193,15 @@ int ff_hevc_decode_nal_sps(GetBitContext *gb, AVCodecContext *avctx,
 av_log(avctx, AV_LOG_DEBUG, "Decoding SPS\n");
+ sps->data_size = gb->buffer_end - gb->buffer;
+ if (sps->data_size > sizeof(sps->data)) {
+ av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized SPS "
+ "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+ sps->data_size, sizeof(sps->data));
+ sps->data_size = sizeof(sps->data);
+ }
+ memcpy(sps->data, gb->buffer, sps->data_size);
+
 ret = ff_hevc_parse_sps(sps, gb, &sps_id, apply_defdispwin, ps->vps_list, avctx);
@@ -1423,6 +1441,15 @@ int ff_hevc_decode_nal_pps(GetBitContext *gb, AVCodecContext *avctx,
 av_log(avctx, AV_LOG_DEBUG, "Decoding PPS\n");
+ pps->data_size = gb->buffer_end - gb->buffer;
+ if (pps->data_size > sizeof(pps->data)) {
+ av_log(avctx, AV_LOG_WARNING, "Truncating likely oversized PPS "
+ "(%"SIZE_SPECIFIER" > %"SIZE_SPECIFIER")\n",
+ pps->data_size, sizeof(pps->data));
+ pps->data_size = sizeof(pps->data);
+ }
+ memcpy(pps->data, gb->buffer, pps->data_size);
+
 // Default values
 pps->loop_filter_across_tiles_enabled_flag = 1;
 pps->num_tile_columns = 1;
--
2.9.3
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
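Review bot: In the oversized branch of the SPS hunk the copy keeps only the first `sizeof(sps->data)` bytes and sets `data_size` to that bound, so nothing stored in the struct records that the saved parameter set is incomplete; the VPS and PPS hunks behave the same way. If `data` is later handed to a consumer that expects a complete parameter set (not visible in this patch), the truncated copy would be a malformed one that still looks valid by its length. Consider setting `sps->data_size = 0;` and skipping the `memcpy` when the input does not fit, or at least stating the behaviour next to the copy with `/* data[] holds at most sizeof(data) bytes; longer input is stored truncated */`. The function body starts and ends outside the hunk.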