h264_sei: check SEI size

Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Michael Niedermayer <michaelni@gmx.at> 2013-09-19 16:26:25 +0200
committer: Anton Khirnov <anton@khirnov.net> 2013-09-24 13:24:29 +0200
commit: 84df6d6a85e2136be60fd34bb57dd00705a01e28 (patch)
tree: a664fcbdf238a88df1bdfc1433032e62c8c2f273
parent: 71cabb521ac397db3903011d2de7afd3e0fc7ab6 (diff)
download: ffmpeg-84df6d6a85e2136be60fd34bb57dd00705a01e28.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
index 47f9c14d7d..27a2c7689c 100644
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -190,6 +190,12 @@ int ff_h264_decode_sei(H264Context *h)
             size += show_bits(&h->gb, 8);
         while (get_bits(&h->gb, 8) == 255);
 
+        if (size > get_bits_left(&h->gb) / 8) {
+            av_log(h->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n",
+                   type, get_bits_left(&h->gb));
+            return AVERROR_INVALIDDATA;
+        }
+
         switch (type) {
         case SEI_TYPE_PIC_TIMING: // Picture timing SEI
             ret = decode_picture_timing(h);
author	Michael Niedermayer <michaelni@gmx.at>	2013-09-19 16:26:25 +0200
committer	Anton Khirnov <anton@khirnov.net>	2013-09-24 13:24:29 +0200
commit	84df6d6a85e2136be60fd34bb57dd00705a01e28 (patch)
tree	a664fcbdf238a88df1bdfc1433032e62c8c2f273
parent	71cabb521ac397db3903011d2de7afd3e0fc7ab6 (diff)
download	ffmpeg-84df6d6a85e2136be60fd34bb57dd00705a01e28.tar.gz