avcodec/hevc: Check offset_len

Fixes CID1239099 part 1 Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 3e9d5e16ad9799f6b6faae4f21120d23146b84c9) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2015-05-13 13:13:07 +0200
committer: Michael Niedermayer <michaelni@gmx.at> 2015-05-15 10:04:51 +0200
commit: fe22d0d7c6edaa91c092cfc3d67aa5ebb4d989c7 (patch)
tree: 830e8a4e933ff0d45308552153b5dbc2ec91c2ed
parent: a5167b4d66d2e6ea3557f024e63437de5cf8d926 (diff)
download: ffmpeg-fe22d0d7c6edaa91c092cfc3d67aa5ebb4d989c7.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index b7ad29a081..dfc5616de7 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -699,6 +699,13 @@ static int hls_slice_header(HEVCContext *s)
             int offset_len = get_ue_golomb_long(gb) + 1;
             int segments = offset_len >> 4;
             int rest = (offset_len & 15);
+
+            if (offset_len < 1 || offset_len > 32) {
+                sh->num_entry_point_offsets = 0;
+                av_log(s->avctx, AV_LOG_ERROR, "offset_len %d is invalid\n", offset_len);
+                return AVERROR_INVALIDDATA;
+            }
+
             av_freep(&sh->entry_point_offset);
             av_freep(&sh->offset);
             av_freep(&sh->size);
author	Michael Niedermayer <michaelni@gmx.at>	2015-05-13 13:13:07 +0200
committer	Michael Niedermayer <michaelni@gmx.at>	2015-05-15 10:04:51 +0200
commit	fe22d0d7c6edaa91c092cfc3d67aa5ebb4d989c7 (patch)
tree	830e8a4e933ff0d45308552153b5dbc2ec91c2ed
parent	a5167b4d66d2e6ea3557f024e63437de5cf8d926 (diff)
download	ffmpeg-fe22d0d7c6edaa91c092cfc3d67aa5ebb4d989c7.tar.gz