sps ids unsigned where necessary

Vittorio Giovara Sun, 09 Mar 2014 09:21:23 -0700

Fixes integer overflow and out of array accesses.
Found-by: Mateusz j00ru Jurczyk and Gynvael Coldwind
---
 libavcodec/hevc.h    | 2 +-
 libavcodec/hevc_ps.c | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)


diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h
index accfcb6..1197d08 100644
--- a/libavcodec/hevc.h
+++ b/libavcodec/hevc.h
@@ -463,7 +463,7 @@ typedef struct HEVCSPS {
 } HEVCSPS;
 
 typedef struct HEVCPPS {
-    int sps_id; ///< seq_parameter_set_id
+    unsigned int sps_id; ///< seq_parameter_set_id
 
     uint8_t sign_data_hiding_flag;
 
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index c4c7ee2..5e5d4a7 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -609,8 +609,8 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
 {
     const AVPixFmtDescriptor *desc;
     GetBitContext *gb = &s->HEVClc.gb;
-    int ret    = 0;
-    int sps_id = 0;
+    int ret = 0;
+    unsigned int sps_id = 0;
     int log2_diff_max_min_transform_block_size;
     int bit_depth_chroma, start, vui_present, sublayer_ordering_info;
     int i;
@@ -988,8 +988,8 @@ int ff_hevc_decode_nal_pps(HEVCContext *s)
     int pic_area_in_ctbs, pic_area_in_min_cbs, pic_area_in_min_tbs;
     int log2_diff_ctb_min_tb_size;
     int i, j, x, y, ctb_addr_rs, tile_id;
-    int ret    = 0;
-    int pps_id = 0;
+    int ret = 0;
+    unsigned int pps_id = 0;
 
     AVBufferRef *pps_buf;
     HEVCPPS *pps = av_mallocz(sizeof(*pps));
-- 
1.8.3.4 (Apple Git-47)

_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH 2/2] hevc: make vps/sps ids unsigned where necessary

Reply via email to