author | Anton Khirnov <anton@khirnov.net> | 2013-11-15 09:42:26 +0100 |
---|---|---|
committer | Anton Khirnov <anton@khirnov.net> | 2013-11-21 20:52:34 +0100 |
commit | 074c769de93bf12e9f44d77e58a8c7167f9dfb13 (patch) | |
tree | 574e79c09681e1106f2163732821de3cc4a0c0b2 | |
parent | ac0e03bab00182f845cd02d458f404ee30ef0998 (diff) | |
h264_cavlc: check the size of the intra PCM data.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
-rw-r--r-- | libavcodec/h264_cavlc.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index 5ed1d5d..d3f6dcb 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -765,6 +765,10 @@ decode_intra_mb:
 // We assume these blocks are very rare so we do not optimize it.
 h->intra_pcm_ptr = align_get_bits(&h->gb);
+ if (get_bits_left(&h->gb) < mb_size) {
+ av_log(h->avctx, AV_LOG_ERROR, "Not enough data for an intra PCM block.\n");
+ return AVERROR_INVALIDDATA;
+ }
 skip_bits_long(&h->gb, mb_size);
 // In deblocking, the quantizer is 0 |
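Review bot: `h->intra_pcm_ptr` is stored before the new length check, so on the `AVERROR_INVALIDDATA` path the decoder context still holds a pointer to a PCM block that is known to be truncated. If any code outside this hunk dereferences `intra_pcm_ptr` without first honouring this function's return value (not visible here), the invalid read would remain reachable; holding the result of `align_get_bits(&h->gb)` in a local and assigning `h->intra_pcm_ptr` only after the check passes would rule that out. A short comment above the check would also help the next reader, e.g. `// mb_size is a bit count; reject the block unless all of it is present behind intra_pcm_ptr`. The enclosing function starts and ends outside the hunk and `mb_size` is declared there, so its type and unit are assumed from its use in `skip_bits_long`.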