mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
hevc: Bound check slice_qp
The T-REC-H.265-2013044 page 79 states they have to be into the range [-s->sps->qp_bd_offset, 51]. Fixes: asan_stack-oob_eae8e3_9522_WP_MAIN10_B_Toshiba_3.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
48a5b15543
commit
aead772b58
@ -682,7 +682,17 @@ static int hls_slice_header(HEVCContext *s)
|
||||
}
|
||||
|
||||
// Inferred parameters
|
||||
sh->slice_qp = 26 + s->pps->pic_init_qp_minus26 + sh->slice_qp_delta;
|
||||
sh->slice_qp = 26U + s->pps->pic_init_qp_minus26 + sh->slice_qp_delta;
|
||||
if (sh->slice_qp > 51 ||
|
||||
sh->slice_qp < -s->sps->qp_bd_offset) {
|
||||
av_log(s->avctx, AV_LOG_ERROR,
|
||||
"The slice_qp %d is outside the valid range "
|
||||
"[%d, 51].\n",
|
||||
sh->slice_qp,
|
||||
-s->sps->qp_bd_offset);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
|
||||
sh->slice_ctb_addr_rs = sh->slice_segment_addr;
|
||||
|
||||
s->HEVClc->first_qp_group = !s->sh.dependent_slice_segment_flag;
|
||||
|
Loading…
Reference in New Issue
Block a user