diff options
| author | Luca Barbato <lu_zero@gentoo.org> | 2014-01-11 16:52:43 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2014-01-13 02:51:53 +0100 |
| commit | 48a5b155433ed7af20fb0a5c20ca131958727727 (patch) | |
| tree | 2815b14f8dcb9b4d08ba8d7810d73bcfe67c5f55 /libavcodec | |
| parent | 7a8318fbb1f5977ef4f34670c6bf49e937f36f4e (diff) | |
| download | ffmpeg-streaming-48a5b155433ed7af20fb0a5c20ca131958727727.zip ffmpeg-streaming-48a5b155433ed7af20fb0a5c20ca131958727727.tar.gz | |
hevc: Reject impossible dependent tile
The tile 0 cannot depend on a previous one.
Prevent an out of array bound load in ff_hevc_cabac_init().
Fixes: asan_heap-oob_e3a924_1630_DBLK_A_MAIN10_VIXS_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Guillaume Martres <smarter@ubuntu.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
| -rw-r--r-- | libavcodec/hevc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index 9c33da0..50e2dae 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -1853,6 +1853,11 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread) int y_ctb = 0; int ctb_addr_ts = s->pps->ctb_addr_rs_to_ts[s->sh.slice_ctb_addr_rs]; + if (!ctb_addr_ts && s->sh.dependent_slice_segment_flag) { + av_log(s->avctx, AV_LOG_ERROR, "Impossible initial tile.\n"); + return AVERROR_INVALIDDATA; + } + while (more_data && ctb_addr_ts < s->sps->ctb_size) { int ctb_addr_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts]; |
