1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00

avcodec/hevc: Check num_entry_point_offsets

Fixes CID1239099 part 2

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2015-05-13 13:21:52 +02:00
parent 3e9d5e16ad
commit 1c6ae98d4a

View File

@ -707,7 +707,14 @@ static int hls_slice_header(HEVCContext *s)
sh->num_entry_point_offsets = 0; sh->num_entry_point_offsets = 0;
if (s->pps->tiles_enabled_flag || s->pps->entropy_coding_sync_enabled_flag) { if (s->pps->tiles_enabled_flag || s->pps->entropy_coding_sync_enabled_flag) {
sh->num_entry_point_offsets = get_ue_golomb_long(gb); unsigned num_entry_point_offsets = get_ue_golomb_long(gb);
// It would be possible to bound this tighter but this here is simpler
if (sh->num_entry_point_offsets > get_bits_left(gb)) {
av_log(s->avctx, AV_LOG_ERROR, "num_entry_point_offsets %d is invalid\n", num_entry_point_offsets);
return AVERROR_INVALIDDATA;
}
sh->num_entry_point_offsets = num_entry_point_offsets;
if (sh->num_entry_point_offsets > 0) { if (sh->num_entry_point_offsets > 0) {
int offset_len = get_ue_golomb_long(gb) + 1; int offset_len = get_ue_golomb_long(gb) + 1;
int segments = offset_len >> 4; int segments = offset_len >> 4;