virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-04 22:03:09 +02:00
Code Issues Releases Activity

avcodec/hevc/hevcdec: move the slice header buffer overread check up in the function

Browse Source 
Abort as soon as we're done reading the slice header instead of running extra checks
that assume slice data may follow.

Signed-off-by: James Almer <jamrial@gmail.com>
This commit is contained in:
James Almer
2025-05-02 16:28:24 -03:00
parent d34c738435
commit 0af1d69959
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libavcodec/hevc/hevcdec.c
View File

@ -1160,6 +1160,12 @@ static int hls_slice_header(SliceHeader *sh, const HEVCContext *s, GetBitContext
} }
sh->data_offset = align_get_bits(gb) - gb->buffer; sh->data_offset = align_get_bits(gb) - gb->buffer;
if (get_bits_left(gb) < 0) {
av_log(s->avctx, AV_LOG_ERROR,
"Overread slice header by %d bits\n", -get_bits_left(gb));
return AVERROR_INVALIDDATA;
}
// Inferred parameters // Inferred parameters
sh->slice_qp = 26U + pps->pic_init_qp_minus26 + sh->slice_qp_delta; sh->slice_qp = 26U + pps->pic_init_qp_minus26 + sh->slice_qp_delta;
if (sh->slice_qp > 51 || if (sh->slice_qp > 51 ||
@ -1180,12 +1186,6 @@ static int hls_slice_header(SliceHeader *sh, const HEVCContext *s, GetBitContext
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (get_bits_left(gb) < 0) {
av_log(s->avctx, AV_LOG_ERROR,
"Overread slice header by %d bits\n", -get_bits_left(gb));
return AVERROR_INVALIDDATA;
}
return 0; return 0;
} }