On 2012-11-26 13:22:51 +0100, Kostya Shishkov wrote:
> On Mon, Nov 26, 2012 at 01:06:18PM +0100, Janne Grunau wrote:
> > Fixes infinite or long taking loop in frame num gap code in
> > the fuzzed sample bipbop234.ts_s223302.
> > 
> > CC: libav-sta...@libav.org
> > ---
> >  libavcodec/h264_ps.c | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> > 
> > diff --git a/libavcodec/h264_ps.c b/libavcodec/h264_ps.c
> > index 810f69f..dc6b676 100644
> > --- a/libavcodec/h264_ps.c
> > +++ b/libavcodec/h264_ps.c
> > @@ -37,6 +37,9 @@
> >  //#undef NDEBUG
> >  #include <assert.h>
> >  
> > +#define MAX_LOG2_MAX_FRAME_NUM    (12 + 4)
> > +#define MIN_LOG2_MAX_FRAME_NUM    4
> > +
> >  static const AVRational pixel_aspect[17]={
> >   {0, 1},
> >   {1, 1},
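
Review bot: The two new macros have no comment saying where 12 and 4 come from, and the "(12 + 4)" form only makes sense once you notice the "+ 4" applied to get_ue_golomb() in ff_h264_decode_seq_parameter_set. A one-line comment tying both constants to the coded value plus that offset would help, and writing MAX as (12 + MIN_LOG2_MAX_FRAME_NUM) and using MIN_LOG2_MAX_FRAME_NUM for the offset at the parse site would keep the three places from drifting apart.
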
> > @@ -349,6 +352,12 @@ int ff_h264_decode_seq_parameter_set(H264Context *h){
> >      }
> >  
> >      sps->log2_max_frame_num= get_ue_golomb(&s->gb) + 4;
> > +    if (sps->log2_max_frame_num > MAX_LOG2_MAX_FRAME_NUM ||
> > +        sps->log2_max_frame_num < MIN_LOG2_MAX_FRAME_NUM) {
> > +        av_log(h->s.avctx, AV_LOG_ERROR, "log2_max_frame_num out of range "
> > +               "(4-16): %d\n", sps->log2_max_frame_num);
> > +        return AVERROR_INVALIDDATA;
> > +    }
> >      sps->poc_type= get_ue_golomb_31(&s->gb);
> >  
> >      if(sps->poc_type == 0){ //FIXME #define
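
Review bot: The new error path does a bare "return AVERROR_INVALIDDATA;" while sps is a pointer already being filled in, so if sps was allocated earlier in this function the return skips its cleanup; please check how the function's other failure paths release it and use the same exit here. Separately, the log string hardcodes "(4-16)" next to the macros that define the range; printing MIN_LOG2_MAX_FRAME_NUM and MAX_LOG2_MAX_FRAME_NUM with %d would keep the message correct if the limits change. On the lower bound: since the value is get_ue_golomb() + 4, that half of the test can only fire if the addition wraps or the reader returns a negative value, which deserves a short comment so it is not removed later as dead code.
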
> > -- 
> 
> LGTM though I suspect it's useless to check for the minimum size (unless it
> overflows).

The min check is added to protect against overflows. The sample in the
commit msg doesn't overflow but is only slightly lower than INT_MAX.

Janne
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel