[FFmpeg-devel] [PATCH] avcodec/av1_parse: Check obu_size

Michael Niedermayer Sun, 14 Oct 2018 06:48:37 -0700

Fixes: out of array read
Fixes: SIGSEGV_get_obu_bit_length_av1_parse

Found-by: keval shah <skeva...@gmail.com>
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavcodec/av1_parse.h | 3 +++
 1 file changed, 3 insertions(+)


diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h
index 276af33ba9..312d8825e1 100644
--- a/libavcodec/av1_parse.h
+++ b/libavcodec/av1_parse.h
@@ -130,6 +130,9 @@ static inline int parse_obu_header(const uint8_t *buf, int 
buf_size,
     if (get_bits_left(&gb) < 0)
         return AVERROR_INVALIDDATA;
 
+    if (*obu_size > (uint64_t)buf_size - get_bits_count(&gb) / 8)
+        return AVERROR_INVALIDDATA;
+
     *start_pos = get_bits_count(&gb) / 8;
 
     size = *obu_size + *start_pos;
-- 
2.19.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] avcodec/av1_parse: Check obu_size

Reply via email to