[FFmpeg-cvslog] hevc: check that the VCL NAL types are the same for all slice segments of a frame

Anton Khirnov git at videolan.org
Tue Feb 4 13:52:30 CET 2014


ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Sun Feb  2 13:35:48 2014 +0100| [b25e84b7399bd91605596b67d761d3464dbe8a6e] | committer: Anton Khirnov

hevc: check that the VCL NAL types are the same for all slice segments of a frame

Fixes possible invalid memory access for mismatching skipped/non-skipped
slice segments.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Sample-Id: 00001533-google

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b25e84b7399bd91605596b67d761d3464dbe8a6e
---

 libavcodec/hevc.c |    8 ++++++++
 libavcodec/hevc.h |    2 ++
 2 files changed, 10 insertions(+)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index bc89b17..8d9324a 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -2471,6 +2471,7 @@ static int hevc_frame_start(HEVCContext *s)
 
     lc->start_of_tiles_x = 0;
     s->is_decoded        = 0;
+    s->first_nal_type    = s->nal_unit_type;
 
     if (s->pps->tiles_enabled_flag)
         lc->end_of_tiles_x = s->pps->column_width[0] << s->sps->log2_ctb_size;
@@ -2595,6 +2596,13 @@ static int decode_nal_unit(HEVCContext *s, const uint8_t *nal, int length)
             return AVERROR_INVALIDDATA;
         }
 
+        if (s->nal_unit_type != s->first_nal_type) {
+            av_log(s->avctx, AV_LOG_ERROR,
+                   "Non-matching NAL types of the VCL NALUs: %d %d\n",
+                   s->first_nal_type, s->nal_unit_type);
+            return AVERROR_INVALIDDATA;
+        }
+
         if (!s->sh.dependent_slice_segment_flag &&
             s->sh.slice_type != I_SLICE) {
             ret = ff_hevc_slice_rpl(s);
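Review bot: The added comparison in decode_nal_unit carries no comment explaining why a mismatch must be rejected, so the memory-safety reason is visible only in the commit message; I would put `/* all slice segments of a frame must share one VCL NAL type: mixing skipped and decoded segments caused invalid memory access */` above the `if`. The guard is also only sound when `s->first_nal_type` was written for the current frame. That assignment is in hevc_frame_start, and the path that guarantees it ran before this point lies outside the hunk, so it is worth confirming that a slice segment which does not start a new frame cannot be compared against a value left over from an earlier frame. As a smaller point, the log line prints two bare numbers; `"Non-matching NAL types of the VCL NALUs: first %d, current %d\n"` would make triage of a rejected stream easier. The body of decode_nal_unit begins and ends outside this hunk.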
diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index a674899..accfcb6 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -840,6 +840,8 @@ typedef struct HEVCContext {
     HEVCNAL *nals;
     int nb_nals;
     int nals_allocated;
+    // type of the first VCL NAL of the current frame
+    enum NALUnitType first_nal_type;
 
     // for checking the frame checksums
     struct AVMD5 *md5_ctx;


