[libav-devel] [PATCH 01/13] h264_cavlc: check the size of the intra PCM data.

Anton Khirnov Fri, 15 Nov 2013 13:16:02 -0800

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:[email protected]
---
 libavcodec/h264_cavlc.c |    4 ++++
 1 file changed, 4 insertions(+)


diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index 5ed1d5d..d3f6dcb 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -765,6 +765,10 @@ decode_intra_mb:
 
         // We assume these blocks are very rare so we do not optimize it.
         h->intra_pcm_ptr = align_get_bits(&h->gb);
+        if (get_bits_left(&h->gb) < mb_size) {
+            av_log(h->avctx, AV_LOG_ERROR, "Not enough data for an intra PCM 
block.\n");
+            return AVERROR_INVALIDDATA;
+        }
         skip_bits_long(&h->gb, mb_size);
 
         // In deblocking, the quantizer is 0
-- 
1.7.10.4

_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH 01/13] h264_cavlc: check the size of the intra PCM data.

Reply via email to