ffmpeg | branch: release/2.4 | Michael Niedermayer <michae...@gmx.at> | Wed May 13 13:13:07 2015 +0200| [f1b0d65237532d603efc6a8a10aa1b1e6e75f3a3] | committer: Michael Niedermayer
avcodec/hevc: Check offset_len Fixes CID1239099 part 1 Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit 3e9d5e16ad9799f6b6faae4f21120d23146b84c9) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f1b0d65237532d603efc6a8a10aa1b1e6e75f3a3 --- libavcodec/hevc.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 4551bd4..8c6b1b5 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -679,6 +679,13 @@ static int hls_slice_header(HEVCContext *s) int offset_len = get_ue_golomb_long(gb) + 1; int segments = offset_len >> 4; int rest = (offset_len & 15); + + if (offset_len < 1 || offset_len > 32) { + sh->num_entry_point_offsets = 0; + av_log(s->avctx, AV_LOG_ERROR, "offset_len %d is invalid\n", offset_len); + return AVERROR_INVALIDDATA; + } + av_freep(&sh->entry_point_offset); av_freep(&sh->offset); av_freep(&sh->size); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
