Module: libav
Branch: release/9
Commit: b5275ca1a805436ca12540c34dd5ed1671877434

Author:    Anton Khirnov <[email protected]>
Committer: Sean McGovern <[email protected]>
Date:      Fri Nov 15 09:42:26 2013 +0100

h264_cavlc: check the size of the intra PCM data.

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:[email protected]

---

 libavcodec/h264_cavlc.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index 0cc7214..c01e94b 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -770,6 +770,10 @@ decode_intra_mb:
 
         // We assume these blocks are very rare so we do not optimize it.
         align_get_bits(&s->gb);
+        if (get_bits_left(&s->gb) < mb_size) {
+            av_log(s->avctx, AV_LOG_ERROR, "Not enough data for an intra PCM 
block.\n");
+            return AVERROR_INVALIDDATA;
+        }
 
         // The pixels are stored in the same order as levels in h->mb array.
         for(x=0; x < mb_size; x++){
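
Review bot: The added guard `if (get_bits_left(&s->gb) < mb_size)` compares a bit count against mb_size, which the loop directly below uses as its iteration count (`x < mb_size`). If each iteration consumes more than one bit (the loop body is not visible in this hunk), the check still lets a truncated intra PCM block through and the reads can run past the end of the input. Please confirm the unit of mb_size here and, if it counts samples or bytes, compare against mb_size scaled by the bits read per iteration. A short comment stating that unit next to the check would also help later backports.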

_______________________________________________
libav-commits mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-commits
