Signed-off-by: James Almer <jamr...@gmail.com>
---
libavformat/evc.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/libavformat/evc.c b/libavformat/evc.c
index 9d0fe8d84c..1803069a7d 100644
--- a/libavformat/evc.c
+++ b/libavformat/evc.c
@@ -88,17 +88,19 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size,
EVCDecoderConfiguratio
{
GetBitContext gb;
unsigned sps_seq_parameter_set_id;
+ int ret;
bs += EVC_NALU_HEADER_SIZE;
bs_size -= EVC_NALU_HEADER_SIZE;
- if (init_get_bits8(&gb, bs, bs_size) < 0)
- return 0;
+ ret = init_get_bits8(&gb, bs, bs_size);
+ if (ret < 0)
+ return ret;
sps_seq_parameter_set_id = get_ue_golomb_31(&gb);
if (sps_seq_parameter_set_id >= EVC_MAX_SPS_COUNT)
- return 0;
+ return AVERROR_INVALIDDATA;
// the Baseline profile is indicated by profile_idc eqal to 0
// the Main profile is indicated by profile_idc eqal to 1
@@ -114,12 +116,17 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size,
EVCDecoderConfiguratio
// 2 - 4:2:2
// 3 - 4:4:4
evcc->chroma_format_idc = get_ue_golomb_31(&gb);
+ if (sps_seq_parameter_set_id > 3)
+ return AVERROR_INVALIDDATA;
evcc->pic_width_in_luma_samples = get_ue_golomb_long(&gb);
evcc->pic_height_in_luma_samples = get_ue_golomb_long(&gb);
evcc->bit_depth_luma_minus8 = get_ue_golomb_31(&gb);
evcc->bit_depth_chroma_minus8 = get_ue_golomb_31(&gb);
+ // EVCDecoderConfigurationRecord can't store values > 7. Limit it to bit
depth 14.
+ if (evcc->bit_depth_luma_minus8 > 6 || evcc->bit_depth_chroma_minus8 > 6)
+ return AVERROR_INVALIDDATA;
return 0;
}
--
2.41.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
