diff options
| author | Anton Khirnov <anton@khirnov.net> | 2013-11-15 09:42:26 +0100 |
|---|---|---|
| committer | Sean McGovern <gseanmcg@gmail.com> | 2014-02-01 14:59:50 -0500 |
| commit | b5275ca1a805436ca12540c34dd5ed1671877434 (patch) | |
| tree | 7aedac64588470679441048acd75502fb132077c /libavcodec | |
| parent | d9c82cea11cef662fda21fccbe1a1f62c1689952 (diff) | |
| download | ffmpeg-b5275ca1a805436ca12540c34dd5ed1671877434.tar.gz | |
h264_cavlc: check the size of the intra PCM data.
Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
Diffstat (limited to 'libavcodec')
| -rw-r--r-- | libavcodec/h264_cavlc.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index 0cc7214666..c01e94b5c1 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -770,6 +770,10 @@ decode_intra_mb: // We assume these blocks are very rare so we do not optimize it. align_get_bits(&s->gb); + if (get_bits_left(&s->gb) < mb_size) { + av_log(s->avctx, AV_LOG_ERROR, "Not enough data for an intra PCM block.\n"); + return AVERROR_INVALIDDATA; + } // The pixels are stored in the same order as levels in h->mb array. for(x=0; x < mb_size; x++){ |