diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2015-07-08 17:49:00 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2015-07-08 17:50:05 +0200 |
| commit | 3c63d06d81e7b4ff8f37c0a3cc344d6a80f72928 (patch) | |
| tree | 662596960a21441e56e411db49bab383e94b0e0a | |
| parent | 80e42387dc524a6c893bca3ec27d55a850af58e4 (diff) | |
| download | ffmpeg-3c63d06d81e7b4ff8f37c0a3cc344d6a80f72928.tar.gz | |
avcodec/h264_slice: Fix container cropping
Fixes out of array read
Fixes: asan_heap-oob_394322e_138_cov_4265020547_CVPCMNL1_SVA_C.264
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/h264_slice.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index 4b6c2170d0..10a50bbfc7 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -980,7 +980,10 @@ static int init_dimensions(H264Context *h) /* handle container cropping */ if (FFALIGN(h->avctx->width, 16) == FFALIGN(width, 16) && - FFALIGN(h->avctx->height, 16) == FFALIGN(height, 16)) { + FFALIGN(h->avctx->height, 16) == FFALIGN(height, 16) && + h->avctx->width <= width && + h->avctx->height <= height + ) { width = h->avctx->width; height = h->avctx->height; } |