aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2014-02-07 04:32:28 +0100
committerMichael Niedermayer <michaelni@gmx.at>2014-02-23 14:51:46 +0100
commitb959e6393e8a234c73621f372397759efed66e7a (patch)
tree8a4168aa4b919a5fbe0a2596fad198aab9dda98c
parent69f99f80d1255f3ae7c4d29f8ce3a771d9aeb6b8 (diff)
downloadffmpeg-b959e6393e8a234c73621f372397759efed66e7a.tar.gz
avcodec/hevc: hls_decode_entry: check that the previous slice segment is available before decoding the next
Fixes use of uninitialized memory Fixes out of array read Fixes assertion failure Fixes part of cb307d24befbd109c6f054008d6777b5/asan_static-oob_124a175_1445_cov_2355279992_DBLK_D_VIXS_1.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 6ef57f4d9a0920c82237facb0d1f3856b17da9dc) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/hevc.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 310c21378a..6f072b9976 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -1801,6 +1801,14 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread)
return AVERROR_INVALIDDATA;
}
+ if (s->sh.dependent_slice_segment_flag) {
+ int prev_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts - 1];
+ if (s->tab_slice_address[prev_rs] == -1) {
+ av_log(s->avctx, AV_LOG_ERROR, "Previous slice segment missing\n");
+ return AVERROR_INVALIDDATA;
+ }
+ }
+
while (more_data && ctb_addr_ts < s->sps->ctb_size) {
int ctb_addr_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts];