avcodec/hevc: Check offset_len

Fixes CID1239099 part 1 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3e9d5e16ad9799f6b6faae4f21120d23146b84c9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2015-05-13 13:13:07 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2015-05-21 20:43:38 +0200
commit: 0230a8efc6c9d505dc4be36e2909d9230b0813a9 (patch)
tree: 6abf8e8018aa73efede98b906c80c5ab3dfd2619
parent: ef5fa5099b4a7993da03968cca3773d52c13b02e (diff)
download: ffmpeg-0230a8efc6c9d505dc4be36e2909d9230b0813a9.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 8fac87d889..aec1f1bf55 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -679,6 +679,13 @@ static int hls_slice_header(HEVCContext *s)
             int offset_len = get_ue_golomb_long(gb) + 1;
             int segments = offset_len >> 4;
             int rest = (offset_len & 15);
+
+            if (offset_len < 1 || offset_len > 32) {
+                sh->num_entry_point_offsets = 0;
+                av_log(s->avctx, AV_LOG_ERROR, "offset_len %d is invalid\n", offset_len);
+                return AVERROR_INVALIDDATA;
+            }
+
             av_freep(&sh->entry_point_offset);
             av_freep(&sh->offset);
             av_freep(&sh->size);
author	Michael Niedermayer <michaelni@gmx.at>	2015-05-13 13:13:07 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2015-05-21 20:43:38 +0200
commit	0230a8efc6c9d505dc4be36e2909d9230b0813a9 (patch)
tree	6abf8e8018aa73efede98b906c80c5ab3dfd2619
parent	ef5fa5099b4a7993da03968cca3773d52c13b02e (diff)
download	ffmpeg-0230a8efc6c9d505dc4be36e2909d9230b0813a9.tar.gz