hevc: Reject impossible slice segment

A dependent slice cannot have address 0. Prevent an out of array bound load in ff_hevc_cabac_init(). Sample-Id: 00001406-google Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
author: Luca Barbato <lu_zero@gentoo.org> 2014-01-11 11:32:07 +0100
committer: Luca Barbato <lu_zero@gentoo.org> 2014-02-01 17:04:49 +0100
commit: 816e5b997028c8215c804b1e58b2388592ed612b (patch)
tree: f6f0637511d612a733a2cd868c16efcedd12071a
parent: 09e2203b8ba6943d5c0fe6d73b65b145c3fdf98e (diff)
download: ffmpeg-816e5b997028c8215c804b1e58b2388592ed612b.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 859b2abade..bc89b17f26 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -779,6 +779,11 @@ static int hls_slice_header(HEVCContext *s)
 
     sh->slice_ctb_addr_rs = sh->slice_segment_addr;
 
+    if (!s->sh.slice_ctb_addr_rs && s->sh.dependent_slice_segment_flag) {
+        av_log(s->avctx, AV_LOG_ERROR, "Impossible slice segment.\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     s->HEVClc.first_qp_group = !s->sh.dependent_slice_segment_flag;
 
     if (!s->pps->cu_qp_delta_enabled_flag)
author	Luca Barbato <lu_zero@gentoo.org>	2014-01-11 11:32:07 +0100
committer	Luca Barbato <lu_zero@gentoo.org>	2014-02-01 17:04:49 +0100
commit	816e5b997028c8215c804b1e58b2388592ed612b (patch)
tree	f6f0637511d612a733a2cd868c16efcedd12071a
parent	09e2203b8ba6943d5c0fe6d73b65b145c3fdf98e (diff)
download	ffmpeg-816e5b997028c8215c804b1e58b2388592ed612b.tar.gz