[FFmpeg-cvslog] avcodec/hevc: hls_decode_entry: check that the previous slice segment is available before decoding the next

[Michael Niedermayer]

ffmpeg | branch: release/2.1 | Michael Niedermayer <michaelni at gmx.at> | Fri Feb  7 04:32:28 2014 +0100| [b959e6393e8a234c73621f372397759efed66e7a] | committer: Michael Niedermayer

avcodec/hevc: hls_decode_entry: check that the previous slice segment is available before decoding the next

Fixes use of uninitialized memory
Fixes out of array read
Fixes assertion failure
Fixes part of cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 6ef57f4d9a0920c82237facb0d1f3856b17da9dc)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b959e6393e8a234c73621f372397759efed66e7a
---

 libavcodec/hevc.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 310c213..6f072b9 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -1801,6 +1801,14 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread)
         return AVERROR_INVALIDDATA;
     }
 
+    if (s->sh.dependent_slice_segment_flag) {
+        int prev_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts - 1];
+        if (s->tab_slice_address[prev_rs] == -1) {
+            av_log(s->avctx, AV_LOG_ERROR, "Previous slice segment missing\n");
+            return AVERROR_INVALIDDATA;
+        }
+    }
+
     while (more_data && ctb_addr_ts < s->sps->ctb_size) {
         int ctb_addr_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts];