mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
hevc: check that the VCL NAL types are the same for all slice segments of a frame
Fixes possible invalid memory access for mismatching skipped/non-skipped slice segments. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Sample-Id: 00001533-google
This commit is contained in:
parent
816e5b9970
commit
b25e84b739
@ -2471,6 +2471,7 @@ static int hevc_frame_start(HEVCContext *s)
|
||||
|
||||
lc->start_of_tiles_x = 0;
|
||||
s->is_decoded = 0;
|
||||
s->first_nal_type = s->nal_unit_type;
|
||||
|
||||
if (s->pps->tiles_enabled_flag)
|
||||
lc->end_of_tiles_x = s->pps->column_width[0] << s->sps->log2_ctb_size;
|
||||
@ -2595,6 +2596,13 @@ static int decode_nal_unit(HEVCContext *s, const uint8_t *nal, int length)
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
|
||||
if (s->nal_unit_type != s->first_nal_type) {
|
||||
av_log(s->avctx, AV_LOG_ERROR,
|
||||
"Non-matching NAL types of the VCL NALUs: %d %d\n",
|
||||
s->first_nal_type, s->nal_unit_type);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
|
||||
if (!s->sh.dependent_slice_segment_flag &&
|
||||
s->sh.slice_type != I_SLICE) {
|
||||
ret = ff_hevc_slice_rpl(s);
|
||||
|
@ -840,6 +840,8 @@ typedef struct HEVCContext {
|
||||
HEVCNAL *nals;
|
||||
int nb_nals;
|
||||
int nals_allocated;
|
||||
// type of the first VCL NAL of the current frame
|
||||
enum NALUnitType first_nal_type;
|
||||
|
||||
// for checking the frame checksums
|
||||
struct AVMD5 *md5_ctx;
|
||||
|
Loading…
Reference in New Issue
Block a user