Merge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1

* commit '01f9540320279954b2764645ab7136847d53d89f': h264_sei: check SEI size Conflicts: libavcodec/h264_sei.c Merged-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2014-08-08 14:24:54 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2014-08-08 14:24:54 +0200
commit: 0bcf514198bfcb5ae99744bd82842ae37a5a55ad (patch)
tree: 9a346075a4afe61ac97eb083415d86eb03813641
parent: 1ee5e2ce3d6d28d0e2999afe073bc00ddb96c171 (diff)
parent: 01f9540320279954b2764645ab7136847d53d89f (diff)
download: ffmpeg-0bcf514198bfcb5ae99744bd82842ae37a5a55ad.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
index 62320e2d6a..ee92837ab9 100644
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -223,6 +223,12 @@ int ff_h264_decode_sei(H264Context *h){
         if(s->avctx->debug&FF_DEBUG_STARTCODE)
             av_log(h->s.avctx, AV_LOG_DEBUG, "SEI %d len:%d\n", type, size);
 
+        if (size > get_bits_left(&s->gb) / 8) {
+            av_log(s->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n",
+                   type, get_bits_left(&s->gb));
+            return AVERROR_INVALIDDATA;
+        }
+
         switch(type){
         case SEI_TYPE_PIC_TIMING: // Picture timing SEI
             if(decode_picture_timing(h) < 0)
author	Michael Niedermayer <michaelni@gmx.at>	2014-08-08 14:24:54 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2014-08-08 14:24:54 +0200
commit	0bcf514198bfcb5ae99744bd82842ae37a5a55ad (patch)
tree	9a346075a4afe61ac97eb083415d86eb03813641
parent	1ee5e2ce3d6d28d0e2999afe073bc00ddb96c171 (diff)
parent	01f9540320279954b2764645ab7136847d53d89f (diff)
download	ffmpeg-0bcf514198bfcb5ae99744bd82842ae37a5a55ad.tar.gz