[FFmpeg-cvslog] avformat/hevc: Check num_long_term_ref_pics_sps to	avoid potentially long loops
    Michael Niedermayer 
    git at videolan.org
       
    Thu Nov 12 04:07:34 CET 2015
    
    
  
ffmpeg | branch: release/2.7 | Michael Niedermayer <michael at niedermayer.cc> | Mon Aug 24 13:04:38 2015 +0200| [679df05683e6a36e3af4d98a65248debc472ed7d] | committer: Michael Niedermayer
avformat/hevc: Check num_long_term_ref_pics_sps to avoid potentially long loops
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ee155c18a2c50b339ba5f6f223fbb6dc343fd471)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=679df05683e6a36e3af4d98a65248debc472ed7d
---
 libavformat/hevc.c |    2 ++
 1 file changed, 2 insertions(+)
diff --git a/libavformat/hevc.c b/libavformat/hevc.c
index c3257ff..f0cbab8 100644
--- a/libavformat/hevc.c
+++ b/libavformat/hevc.c
@@ -566,6 +566,8 @@ static int hvcc_parse_sps(GetBitContext *gb,
 
     if (get_bits1(gb)) {                               // long_term_ref_pics_present_flag
         unsigned num_long_term_ref_pics_sps = get_ue_golomb_long(gb);
+        if (num_long_term_ref_pics_sps > 31U)
+            return AVERROR_INVALIDDATA;
         for (i = 0; i < num_long_term_ref_pics_sps; i++) { // num_long_term_ref_pics_sps
             int len = FFMIN(log2_max_pic_order_cnt_lsb_minus4 + 4, 16);
             skip_bits (gb, len); // lt_ref_pic_poc_lsb_sps[i]
    
    
More information about the ffmpeg-cvslog
mailing list