mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-11-26 19:01:44 +02:00
avcodec/evc_parse: Check tid
The check is based on not infinite looping. It is likely a more strict check can be done Fixes: Infinite loop Fixes: 62473/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5719883750703104 Fixes: 62765/clusterfuzz-testcase-minimized-ffmpeg_dem_EVC_fuzzer-6448531252314112 Fixes: 63378/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-6504993844494336 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Reviewed-by: "Dawid Kozinski/Multimedia (PLT) /SRPOL/Staff Engineer/Samsung Electronics" <d.kozinski@samsung.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
parent
d35eecd24f
commit
68cc1744db
@ -174,6 +174,9 @@ int ff_evc_derive_poc(const EVCParamSets *ps, const EVCParserSliceHeader *sh,
|
|||||||
} else {
|
} else {
|
||||||
int SubGopLength = 1 << sps->log2_sub_gop_length;
|
int SubGopLength = 1 << sps->log2_sub_gop_length;
|
||||||
|
|
||||||
|
if (tid > (SubGopLength > 1 ? 1 + av_log2(SubGopLength - 1) : 0))
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
|
||||||
if (tid == 0) {
|
if (tid == 0) {
|
||||||
poc->PicOrderCntVal = poc->prevPicOrderCntVal + SubGopLength;
|
poc->PicOrderCntVal = poc->prevPicOrderCntVal + SubGopLength;
|
||||||
poc->DocOffset = 0;
|
poc->DocOffset = 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user