On 07/03/14 17:04, Vittorio Giovara wrote:
> From: Michael Niedermayer <[email protected]>
>
> Fixes integer overflow and out of array accesses.
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
>From a cursory look.
libavcodec/hevc_ps.c: int sps_id = 0;
libavcodec/hevc_ps.c: sps_id = get_ue_golomb_long(gb);
libavcodec/hevc_ps.c: if (sps_id >= MAX_SPS_COUNT) {
libavcodec/hevc_ps.c: pps->sps_id = get_ue_golomb_long(gb);
libavcodec/hevc_ps.c: if (pps->sps_id >= MAX_SPS_COUNT) {
libavcodec/hevc_ps.c: vps_id = get_bits(gb, 4);
libavcodec/hevc_ps.c: if (vps_id >= MAX_VPS_COUNT) {
lu
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
