On 9/29/2019 1:45 PM, Mark Thompson wrote:
> Fixes CID 1419833.
> ---
>  libavcodec/cbs_h2645.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
> index 2dc261f7a5..185c458f61 100644
> --- a/libavcodec/cbs_h2645.c
> +++ b/libavcodec/cbs_h2645.c
> @@ -695,7 +695,12 @@ static int 
> cbs_h2645_split_fragment(CodedBitstreamContext *ctx,
>          nb_arrays = bytestream2_get_byte(&gbc);
>          for (i = 0; i < nb_arrays; i++) {
>              nal_unit_type = bytestream2_get_byte(&gbc) & 0x3f;
> +
>              nb_nals = bytestream2_get_be16(&gbc);
> +            if (nb_nals > 64) {

Why not check for the actual limit of each ps type instead? This code
will still try to parse the file if it reports more than 16 sps, for
example, despite it being invalid.

Maybe also check for nb_nals == 0.

> +                // Too many NALs of this type - the header must be invalid.
> +                return AVERROR_INVALIDDATA;
> +            }
>  
>              start = bytestream2_tell(&gbc);
>              for (j = 0; j < nb_nals; j++) {
> 
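Review bot: the bound in `if (nb_nals > 64)` is a bare constant with no stated origin. The comment says the header must be invalid but not why 64 is the cutoff for every value of nal_unit_type. Suggest naming the limit or citing in the comment where it comes from. Because nb_nals is a 16-bit count read from the header and it bounds the `for (j = 0; j < nb_nals; j++)` loop, the commit message should also say what CID 1419833 reports, so the chosen bound can be checked against the defect. The blank line added after the nal_unit_type read is an unrelated whitespace change and could be dropped.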
