hevc: Reject impossible dependent tile

The tile 0 cannot depend on a previous one. Prevent an out of array bound load in ff_hevc_cabac_init(). Fixes: asan_heap-oob_e3a924_1630_DBLK_A_MAIN10_VIXS_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Reviewed-by: Guillaume Martres <smarter@ubuntu.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 48a5b155433ed7af20fb0a5c20ca131958727727) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Luca Barbato <lu_zero@gentoo.org> 2014-01-11 16:52:43 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2014-01-13 16:16:58 +0100
commit: 39545c54826c5c0afb8af83507803e0d891409ea (patch)
tree: ac4b3cd76dc897e2fb1a2b1d5798003434f8f576
parent: e43805d40188f2797619cdf068b64d2c3ada8a8f (diff)
download: ffmpeg-39545c54826c5c0afb8af83507803e0d891409ea.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 8b15ec58b0..e6fd5cfbb0 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -1775,6 +1775,11 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread)
     int y_ctb       = 0;
     int ctb_addr_ts = s->pps->ctb_addr_rs_to_ts[s->sh.slice_ctb_addr_rs];
 
+    if (!ctb_addr_ts && s->sh.dependent_slice_segment_flag) {
+        av_log(s->avctx, AV_LOG_ERROR, "Impossible initial tile.\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     while (more_data && ctb_addr_ts < s->sps->ctb_size) {
         int ctb_addr_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts];
author	Luca Barbato <lu_zero@gentoo.org>	2014-01-11 16:52:43 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2014-01-13 16:16:58 +0100
commit	39545c54826c5c0afb8af83507803e0d891409ea (patch)
tree	ac4b3cd76dc897e2fb1a2b1d5798003434f8f576
parent	e43805d40188f2797619cdf068b64d2c3ada8a8f (diff)
download	ffmpeg-39545c54826c5c0afb8af83507803e0d891409ea.tar.gz