[FFmpeg-cvslog] avcodec/hevc: Check offset_len

Michael Niedermayer git at videolan.org
Wed May 13 14:33:35 CEST 2015


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed May 13 13:13:07 2015 +0200| [3e9d5e16ad9799f6b6faae4f21120d23146b84c9] | committer: Michael Niedermayer

avcodec/hevc: Check offset_len

Fixes CID1239099 part 1

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e9d5e16ad9799f6b6faae4f21120d23146b84c9
---

 libavcodec/hevc.c |    7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 554e60f..dc7cabb 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -712,6 +712,13 @@ static int hls_slice_header(HEVCContext *s)
             int offset_len = get_ue_golomb_long(gb) + 1;
             int segments = offset_len >> 4;
             int rest = (offset_len & 15);
+
+            if (offset_len < 1 || offset_len > 32) {
+                sh->num_entry_point_offsets = 0;
+                av_log(s->avctx, AV_LOG_ERROR, "offset_len %d is invalid\n", offset_len);
+                return AVERROR_INVALIDDATA;
+            }
+
             av_freep(&sh->entry_point_offset);
             av_freep(&sh->offset);
             av_freep(&sh->size);



More information about the ffmpeg-cvslog mailing list