Module: libav Branch: release/0.8 Commit: 23144c5f060de1863859308eab4bc888b817840c
Author: Anton Khirnov <[email protected]>
Committer: Reinhard Tartler <[email protected]>
Date: Fri Nov 15 09:42:26 2013 +0100
h264_cavlc: check the size of the intra PCM data. Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:[email protected]
(cherry picked from commit b5275ca1a805436ca12540c34dd5ed1671877434)
Signed-off-by: Reinhard Tartler <[email protected]>
---
libavcodec/h264_cavlc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index da9e1cb..5e3c79d 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -769,6 +769,10 @@ decode_intra_mb:
 // We assume these blocks are very rare so we do not optimize it.
 align_get_bits(&s->gb);
+ if (get_bits_left(&s->gb) < mb_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "Not enough data for an intra PCM block.\n");
+ return AVERROR_INVALIDDATA;
+ }
 // The pixels are stored in the same order as levels in h->mb array.
 for(x=0; x < mb_size; x++){
_______________________________________________
libav-commits mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-commits
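Review bot: The added guard compares `get_bits_left(&s->gb)`, which counts bits, against `mb_size`, which the `for(x=0; x < mb_size; x++)` loop right after it uses as an iteration count. If each iteration consumes one byte of PCM data (the loop body and the definition of `mb_size` are outside the hunk, so this needs confirming), the check accepts input holding only an eighth of the data the loop goes on to read, and the invalid reads it is meant to stop are still possible on truncated streams. In that case the condition should be `if (get_bits_left(&s->gb) < mb_size * 8) {`. A short comment beside the check stating the unit of `mb_size` would keep the guard and the loop in step.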
