ffmpeg | branch: release/1.1 | Michael Niedermayer <michae...@gmx.at> | Thu Sep 19 16:26:25 2013 +0200| [01f9540320279954b2764645ab7136847d53d89f] | committer: Vittorio Giovara
h264_sei: check SEI size Signed-off-by: Anton Khirnov <an...@khirnov.net> Signed-off-by: Vittorio Giovara <vittorio.giov...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01f9540320279954b2764645ab7136847d53d89f --- libavcodec/h264_sei.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c index 2e5fb65..5995a8e 100644 --- a/libavcodec/h264_sei.c +++ b/libavcodec/h264_sei.c @@ -177,6 +177,12 @@ int ff_h264_decode_sei(H264Context *h){ size+= show_bits(&s->gb, 8); }while(get_bits(&s->gb, 8) == 255); + if (size > get_bits_left(&s->gb) / 8) { + av_log(s->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n", + type, get_bits_left(&s->gb)); + return AVERROR_INVALIDDATA; + } + switch(type){ case SEI_TYPE_PIC_TIMING: // Picture timing SEI if(decode_picture_timing(h) < 0) _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
