[FFmpeg-devel] [libav-devel] [PATCH] hevc: validate slice address length
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Fri Jul 10 20:17:49 CEST 2015
On 10.07.2015 20:01, Anton Khirnov wrote:
> Quoting Andreas Cadhalpun (2015-07-10 19:49:36)
>> It is used as get_bits argument and reading 0 bits doesn't make sense.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavcodec/hevc.c | 6 ++++++
>> libavcodec/hevc_parser.c | 6 ++++++
>> 2 files changed, 12 insertions(+)
>>
>> diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
>> index 38734f0..d47af16 100644
>> --- a/libavcodec/hevc.c
>> +++ b/libavcodec/hevc.c
>> @@ -459,6 +459,12 @@ static int hls_slice_header(HEVCContext *s)
>>
>> slice_address_length = av_ceil_log2(s->sps->ctb_width *
>> s->sps->ctb_height);
>> + if (slice_address_length <= 0) {
>> + av_log(s->avctx, AV_LOG_ERROR,
>> + "Invalid slice address length: %d\n",
>> + slice_address_length);
>> + return AVERROR_INVALIDDATA;
>
> No, this is not invalid. Having a picture of 1x1 CTB is perfectly valid,
> then the spec mandates that slice_segment_addr is 0.
OK, then let's make that explicit. New patch attached.
> Does get_bits() really not just return 0 on trying to read 0 bits?
The comment for get_bits() says: 'Read 1-25 bits.'
Best regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-hevc-check-slice-address-length.patch
Type: text/x-diff
Size: 1998 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150710/722d5f6c/attachment.patch>
More information about the ffmpeg-devel
mailing list