aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJames Almer <jamrial@gmail.com>2023-06-19 17:01:41 -0300
committerJames Almer <jamrial@gmail.com>2023-06-19 17:21:19 -0300
commite81eafcb974f9d7999889dd6c96cf77b07fde08b (patch)
treea46e110bfc02c07aa8f7f33375d3b43efafa029f
parent048b8bdd5eb4add7ba839b98ed717fe85b890c50 (diff)
downloadffmpeg-e81eafcb974f9d7999889dd6c96cf77b07fde08b.tar.gz
avformat/evc: skip nalu header size bytes before parsing sps
Signed-off-by: James Almer <jamrial@gmail.com>
Diffstat
-rw-r--r--libavformat/evc.c7
-rw-r--r--tests/ref/lavf-fate/evc.mp42
2 files changed, 8 insertions, 1 deletions
diff --git a/libavformat/evc.c b/libavformat/evc.c
index a194da1c39..79463ba018 100644
--- a/libavformat/evc.c
+++ b/libavformat/evc.c
@@ -120,6 +120,9 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size, EVCDecoderConfiguratio
int sps_seq_parameter_set_id;
EVCSPS sps;
+ bs += EVC_NALU_HEADER_SIZE;
+ bs_size -= EVC_NALU_HEADER_SIZE;
+
if (init_get_bits8(&gb, bs, bs_size) < 0)
return 0;
@@ -368,6 +371,10 @@ int ff_isom_write_evcc(AVIOContext *pb, const uint8_t *data,
if (bytes_to_read < nalu_size) break;
nalu_type = evc_get_nalu_type(data, bytes_to_read, pb);
+ if (nalu_type < EVC_NOIDR_NUT || nalu_type > EVC_UNSPEC_NUT62) {
+ ret = AVERROR_INVALIDDATA;
+ goto end;
+ }
// @see ISO/IEC 14496-15:2021 Coding of audio-visual objects - Part 15: section 12.3.3.3
// NAL_unit_type indicates the type of the NAL units in the following array (which shall be all of that type);
diff --git a/tests/ref/lavf-fate/evc.mp4 b/tests/ref/lavf-fate/evc.mp4
index b0afa350ac..4b410b84f3 100644
--- a/tests/ref/lavf-fate/evc.mp4
+++ b/tests/ref/lavf-fate/evc.mp4
@@ -1,3 +1,3 @@
-55294f868fa3b31d34a48344c4f72630 *tests/data/lavf-fate/lavf.evc.mp4
+885fb330b20632b88ef9d7fb03dfa2e9 *tests/data/lavf-fate/lavf.evc.mp4
37386 tests/data/lavf-fate/lavf.evc.mp4
tests/data/lavf-fate/lavf.evc.mp4 CRC=0x48063f85
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-21 01:50:42 +0000