[FFmpeg-cvslog] h264_sei: check SEI size

Michael Niedermayer git at videolan.org
Fri Aug 8 14:30:15 CEST 2014


ffmpeg | branch: release/1.1 | Michael Niedermayer <michaelni at gmx.at> | Thu Sep 19 16:26:25 2013 +0200| [01f9540320279954b2764645ab7136847d53d89f] | committer: Vittorio Giovara

h264_sei: check SEI size

Signed-off-by: Anton Khirnov <anton at khirnov.net>
Signed-off-by: Vittorio Giovara <vittorio.giovara at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=01f9540320279954b2764645ab7136847d53d89f
---

 libavcodec/h264_sei.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
index 2e5fb65..5995a8e 100644
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -177,6 +177,12 @@ int ff_h264_decode_sei(H264Context *h){
             size+= show_bits(&s->gb, 8);
         }while(get_bits(&s->gb, 8) == 255);
 
+        if (size > get_bits_left(&s->gb) / 8) {
+            av_log(s->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n",
+                   type, get_bits_left(&s->gb));
+            return AVERROR_INVALIDDATA;
+        }
+
         switch(type){
         case SEI_TYPE_PIC_TIMING: // Picture timing SEI
             if(decode_picture_timing(h) < 0)



More information about the ffmpeg-cvslog mailing list