On Wed, Sep 07, 2016 at 04:53:53PM +0200, Matthieu Bouron wrote:
> From: Matthieu Bouron <matthieu.bou...@stupeflix.com>
>
> ---
> libavcodec/hevc.h | 9 +++++++++
> libavcodec/hevc_ps.c | 27 +++++++++++++++++++++++++++
> 2 files changed, 36 insertions(+)
>
> diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
> index be91010..6a3c750 100644
> --- a/libavcodec/hevc.h
> +++ b/libavcodec/hevc.h
> @@ -387,6 +387,9 @@ typedef struct HEVCVPS {
> uint8_t vps_poc_proportional_to_timing_flag;
> int vps_num_ticks_poc_diff_one; ///< vps_num_ticks_poc_diff_one_minus1 + > 1
> int vps_num_hrd_parameters;
> +
> + uint8_t data[4096];
> + int data_size;
> } HEVCVPS;
>
> typedef struct ScalingList {
> @@ -483,6 +486,9 @@ typedef struct HEVCSPS {
> int vshift[3];
>
> int qp_bd_offset;
> +
> + uint8_t data[4096];
> + int data_size;
> } HEVCSPS;
>
> typedef struct HEVCPPS {
> @@ -557,6 +563,9 @@ typedef struct HEVCPPS {
> int *tile_pos_rs; ///< TilePosRS
> int *min_tb_addr_zs; ///< MinTbAddrZS
> int *min_tb_addr_zs_tab;///< MinTbAddrZS
> +
> + uint8_t data[4096];
> + int data_size;
> } HEVCPPS;
>
> typedef struct HEVCParamSets {
> diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
> index 83f2ec2..629e454 100644
> --- a/libavcodec/hevc_ps.c
> +++ b/libavcodec/hevc_ps.c
> @@ -408,6 +408,15 @@ int ff_hevc_decode_nal_vps(GetBitContext *gb, > AVCodecContext *avctx,
>
> av_log(avctx, AV_LOG_DEBUG, "Decoding VPS\n");
>
> + vps->data_size = gb->buffer_end - gb->buffer;
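Review bot: The `uint8_t data[4096]` members added to HEVCVPS, HEVCSPS and HEVCPPS in hevc.h fix the capacity with a bare literal repeated three times, and nothing in the header states how `data_size` relates to that capacity. The code that fills these buffers is not visible here, because the quoted hevc_ps.c hunk stops at the `data_size` assignment. It should be confirmed that a size above `sizeof(vps->data)` is rejected before anything is copied, since the length is taken from the input buffer bounds rather than from a trusted source. I would replace the literal with one named constant shared by the three structs and document each pair with a comment such as `/* raw parameter-set bytes; data_size never exceeds sizeof(data) */`. The three struct bodies begin outside their hunks, so only the tail of each definition is visible.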
This could theoretically overflow: data_size is only an int, and the pointer difference might be larger [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Avoid a single point of failure, be that a person or equipment.