diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2015-11-27 13:37:50 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2015-11-27 14:07:03 +0100 |
| commit | 4c718691ea32e9ab70ccaa5e90bfebcea4588c42 (patch) | |
| tree | 1159b2e856b9edb2de7e523029c89fc98b9af90a /libavcodec/h264_cabac.c | |
| parent | 24c504bd0a7cd20b5e48607c7fbf5c85dc1321ab (diff) | |
| download | ffmpeg-4c718691ea32e9ab70ccaa5e90bfebcea4588c42.tar.gz | |
avcodec/cabac: Check initial cabac decoder state
Fixes integer overflows
Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Found-by: xiedingbao (Ticket4727)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8000d484b83aafa752d84fbdbfb352ffe0dc64f8)
Conflicts:
libavcodec/cabac.h
Diffstat (limited to 'libavcodec/h264_cabac.c')
| -rw-r--r-- | libavcodec/h264_cabac.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libavcodec/h264_cabac.c b/libavcodec/h264_cabac.c index c1c8b80855..04d412b74b 100644 --- a/libavcodec/h264_cabac.c +++ b/libavcodec/h264_cabac.c @@ -2026,6 +2026,7 @@ decode_intra_mb: const int mb_size = ff_h264_mb_sizes[h->sps.chroma_format_idc] * h->sps.bit_depth_luma >> 3; const uint8_t *ptr; + int ret; // We assume these blocks are very rare so we do not optimize it. // FIXME The two following lines get the bitstream position in the cabac @@ -2042,7 +2043,9 @@ decode_intra_mb: sl->intra_pcm_ptr = ptr; ptr += mb_size; - ff_init_cabac_decoder(&sl->cabac, ptr, sl->cabac.bytestream_end - ptr); + ret = ff_init_cabac_decoder(&sl->cabac, ptr, sl->cabac.bytestream_end - ptr); + if (ret < 0) + return ret; // All blocks are present h->cbp_table[mb_xy] = 0xf7ef; |