aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2015-02-25 22:10:41 +0100
committerMichael Niedermayer <michaelni@gmx.at>2015-02-25 22:30:25 +0100
commit701c965a76069724d07ec57f3e1f9ca802138f29 (patch)
treea80725b46791bdda4d1cdc972db3dcbe162ab2a8
parentdd369c9adbdd6b5bb306db15dce9ad8d370385fc (diff)
downloadffmpeg-701c965a76069724d07ec57f3e1f9ca802138f29.tar.gz
avcodec/hevc_ps: Check that log2_ctb_size is not smaller than the bounds of all profiles
Fixes: unaligned memory access Fixes: signal_sigsegv_3344165_576_cov_3406448105_DBLK_A_MAIN10_VIXS_2.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Suggested-by: Christophe Gisquet <christophe.gisquet@gmail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat
-rw-r--r--libavcodec/hevc_ps.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 65b3268c81..85ce2ccc87 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1083,6 +1083,14 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
av_log(s->avctx, AV_LOG_ERROR, "CTB size out of range: 2^%d\n", sps->log2_ctb_size);
goto err;
}
+ if (sps->log2_ctb_size < 4) {
+ av_log(s->avctx,
+ AV_LOG_ERROR,
+ "log2_ctb_size %d differs from the bounds of any known profile\n",
+ sps->log2_ctb_size);
+ avpriv_request_sample(s->avctx, "log2_ctb_size %d", sps->log2_ctb_size);
+ goto err;
+ }
if (sps->max_transform_hierarchy_depth_inter > sps->log2_ctb_size - sps->log2_min_tb_size) {
av_log(s->avctx, AV_LOG_ERROR, "max_transform_hierarchy_depth_inter out of range: %d\n",
sps->max_transform_hierarchy_depth_inter);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 06:18:06 +0000