From: Michael Niedermayer <[email protected]>

Fixes integer overflow and out of array accesses.
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
---
This is the squashed version with a few more fixes.
Vittorio

 libavcodec/hevc.c    |  2 +-
 libavcodec/hevc.h    |  4 ++--
 libavcodec/hevc_ps.c | 10 +++++-----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index f8f7e64..49ed285 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -388,7 +388,7 @@ static int decode_lt_rps(HEVCContext *s, LongTermRPS *rps, 
GetBitContext *gb)
 static int set_sps(HEVCContext *s, const HEVCSPS *sps)
 {
     int ret;
-    int num = 0, den = 0;
+    unsigned int num = 0, den = 0;
 
     pic_arrays_free(s);
     ret = pic_arrays_init(s, sps);
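Review bot: The switch to `unsigned int num = 0, den = 0;` only helps if the code that later consumes these two values accepts the full unsigned range. set_sps continues past the end of this hunk, so that use is not visible here. If they are handed to a helper that takes `int` parameters, values above INT_MAX would be converted back to negative numbers and the overflow would merely move. A short comment on the declaration, for example `/* unsigned: filled from 32-bit bitstream timing fields */`, would record why the type matters, assuming that is where the values come from.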
diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index accfcb6..69b3180 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -382,7 +382,7 @@ typedef struct ScalingList {
 } ScalingList;
 
 typedef struct HEVCSPS {
-    int vps_id;
+    unsigned int vps_id;
     int chroma_format_idc;
     uint8_t separate_colour_plane_flag;
 
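Review bot: Changing `vps_id` here, and `sps_id` in HEVCPPS in the next hunk, to `unsigned int` alters every expression that reads these fields, and none of those readers are part of this patch. Worth auditing are comparisons against signed values (the signed side is converted to unsigned), any `< 0` checks that become dead code, and log calls that print the ids with `%d`, which should become `%u`. If the ids are range-checked when parsed, a field comment such as `///< validated against the VPS table size when parsed` would document the invariant that users of the struct rely on.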
@@ -463,7 +463,7 @@ typedef struct HEVCSPS {
 } HEVCSPS;
 
 typedef struct HEVCPPS {
-    int sps_id; ///< seq_parameter_set_id
+    unsigned int sps_id; ///< seq_parameter_set_id
 
     uint8_t sign_data_hiding_flag;
 
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index c4c7ee2..bbc290b 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -323,7 +323,7 @@ int ff_hevc_decode_nal_vps(HEVCContext *s)
 {
     int i,j;
     GetBitContext *gb = &s->HEVClc.gb;
-    int vps_id = 0;
+    unsigned int vps_id = 0;
     HEVCVPS *vps;
     AVBufferRef *vps_buf = av_buffer_allocz(sizeof(*vps));
 
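Review bot: Making `vps_id` unsigned prevents a negative index, but it is only a complete fix if the id is compared against the size of the parameter-set array before it is used as an index. That check lies outside this hunk, as do the ones for `sps_id` in ff_hevc_decode_nal_sps and `pps_id` in ff_hevc_decode_nal_pps. With the unsigned type a single upper-bound comparison rejects both too-large and formerly-negative values, so please confirm each of the three functions has one on every path between parsing the id and indexing with it. A comment next to the declaration, e.g. `/* unsigned so that one upper-bound check rejects out-of-range ids */`, would keep a later cleanup from reverting the type.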
@@ -609,8 +609,8 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
 {
     const AVPixFmtDescriptor *desc;
     GetBitContext *gb = &s->HEVClc.gb;
-    int ret    = 0;
-    int sps_id = 0;
+    int ret = 0;
+    unsigned int sps_id = 0;
     int log2_diff_max_min_transform_block_size;
     int bit_depth_chroma, start, vui_present, sublayer_ordering_info;
     int i;
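Review bot: The realignment of `int ret    = 0;` to `int ret = 0;` in this hunk and in the ff_hevc_decode_nal_pps hunk is a whitespace-only change riding along with a security fix. It adds changed lines that have no bearing on the overflow, which makes the patch harder to audit and to backport to release branches. Leaving the `ret` line untouched and changing only the id declaration would reduce each of these hunks to a single changed line.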
@@ -988,8 +988,8 @@ int ff_hevc_decode_nal_pps(HEVCContext *s)
     int pic_area_in_ctbs, pic_area_in_min_cbs, pic_area_in_min_tbs;
     int log2_diff_ctb_min_tb_size;
     int i, j, x, y, ctb_addr_rs, tile_id;
-    int ret    = 0;
-    int pps_id = 0;
+    int ret = 0;
+    unsigned int pps_id = 0;
 
     AVBufferRef *pps_buf;
     HEVCPPS *pps = av_mallocz(sizeof(*pps));
-- 
1.8.3.4 (Apple Git-47)
