[FFmpeg-devel] [PATCH 1/8] lavc/cbs_h265: Disallow nonsensically large HVCC NAL arrays
Mark Thompson
sw at jkqxz.net
Sun Sep 29 19:45:57 EEST 2019
Fixes CID 1419833.
---
libavcodec/cbs_h2645.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index 2dc261f7a5..185c458f61 100644
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -695,7 +695,12 @@ static int cbs_h2645_split_fragment(CodedBitstreamContext *ctx,
nb_arrays = bytestream2_get_byte(&gbc);
for (i = 0; i < nb_arrays; i++) {
nal_unit_type = bytestream2_get_byte(&gbc) & 0x3f;
+
nb_nals = bytestream2_get_be16(&gbc);
+ if (nb_nals > 64) {
+ // Too many NALs of this type - the header must be invalid.
+ return AVERROR_INVALIDDATA;
+ }
start = bytestream2_tell(&gbc);
for (j = 0; j < nb_nals; j++) {
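Review bot: The bound in `if (nb_nals > 64)` is a bare literal, and the comment beside it does not say where 64 comes from, so a later reader cannot tell whether it is a spec-derived limit or an arbitrary cap on this untrusted hvcC field. If it is meant to mirror the largest parameter-set count (PPS ids run 0..63), say so, e.g. `// No parameter-set type allows more than 64 ids (PPS: 0..63), so a larger count means a corrupt header.`, and confirm the same cap is intended for arrays of other NAL types such as SEI. The rejection is also silent; a line such as `av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid HVCC: %d NAL units in array of type %d.\n", nb_nals, nal_unit_type);` before the return would make malformed extradata diagnosable. cbs_h2645_split_fragment starts and ends outside the hunk, so whether the inner loop separately checks the remaining bytes for each NAL cannot be seen from here.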
--
2.20.1