avcodec/h264: Check weight values to be within the specs limits.

Fixes: integer overflows Fixes: 911/clusterfuzz-testcase-5415105606975488 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Reviewed-by: "Ronald S. Bultje" <rsbultje@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2017-03-21 23:46:14 +0100
committer: Michael Niedermayer <michael@niedermayer.cc> 2017-04-07 15:33:17 +0200
commit: 08117a40157464f8a9dcc2df393fa5fe299c1e98 (patch)
tree: 0ac5d2cf186cafd222262db35e9701d07b7bd1ff /libavcodec/h264_slice.c
parent: 9c7ee37490d21350ab1a2e07069284daf1943e52 (diff)
download: ffmpeg-08117a40157464f8a9dcc2df393fa5fe299c1e98.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index d4d31ccb00..34bd6cf206 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -1780,9 +1780,12 @@ static int h264_slice_header_parse(const H264Context *h, H264SliceContext *sl,
     }
     if ((pps->weighted_pred && sl->slice_type_nos == AV_PICTURE_TYPE_P) ||
         (pps->weighted_bipred_idc == 1 &&
-         sl->slice_type_nos == AV_PICTURE_TYPE_B))
-        ff_h264_pred_weight_table(&sl->gb, sps, sl->ref_count,
+         sl->slice_type_nos == AV_PICTURE_TYPE_B)) {
+        ret = ff_h264_pred_weight_table(&sl->gb, sps, sl->ref_count,
                                   sl->slice_type_nos, &sl->pwt, h->avctx);
+        if (ret < 0)
+            return ret;
+    }
 
     sl->explicit_ref_marking = 0;
     if (nal->ref_idc) {
author	Michael Niedermayer <michael@niedermayer.cc>	2017-03-21 23:46:14 +0100
committer	Michael Niedermayer <michael@niedermayer.cc>	2017-04-07 15:33:17 +0200
commit	08117a40157464f8a9dcc2df393fa5fe299c1e98 (patch)
tree	0ac5d2cf186cafd222262db35e9701d07b7bd1ff /libavcodec/h264_slice.c
parent	9c7ee37490d21350ab1a2e07069284daf1943e52 (diff)
download	ffmpeg-08117a40157464f8a9dcc2df393fa5fe299c1e98.tar.gz