[FFmpeg-cvslog] hevc: Reject impossible dependent tile

Luca Barbato git at videolan.org
Mon Jan 13 17:28:59 CET 2014


ffmpeg | branch: release/2.1 | Luca Barbato <lu_zero at gentoo.org> | Sat Jan 11 16:52:43 2014 +0100| [39545c54826c5c0afb8af83507803e0d891409ea] | committer: Michael Niedermayer

hevc: Reject impossible dependent tile

The tile 0 cannot depend on a previous one.
Prevent an out of array bound load in ff_hevc_cabac_init().

Fixes: asan_heap-oob_e3a924_1630_DBLK_A_MAIN10_VIXS_2.bit
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind

Reviewed-by: Guillaume Martres <smarter at ubuntu.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 48a5b155433ed7af20fb0a5c20ca131958727727)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=39545c54826c5c0afb8af83507803e0d891409ea
---

 libavcodec/hevc.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
index 8b15ec5..e6fd5cf 100644
--- a/libavcodec/hevc.c
+++ b/libavcodec/hevc.c
@@ -1775,6 +1775,11 @@ static int hls_decode_entry(AVCodecContext *avctxt, void *isFilterThread)
     int y_ctb       = 0;
     int ctb_addr_ts = s->pps->ctb_addr_rs_to_ts[s->sh.slice_ctb_addr_rs];
 
+    if (!ctb_addr_ts && s->sh.dependent_slice_segment_flag) {
+        av_log(s->avctx, AV_LOG_ERROR, "Impossible initial tile.\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     while (more_data && ctb_addr_ts < s->sps->ctb_size) {
         int ctb_addr_rs = s->pps->ctb_addr_ts_to_rs[ctb_addr_ts];
 
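Review bot: the guard added at the top of hls_decode_entry() protects only this entry point, so any other path that reaches ff_hevc_cabac_init() with ctb_addr_ts == 0 and s->sh.dependent_slice_segment_flag set is not covered by it. Consider rejecting that combination where the slice header is parsed, so that every decode path inherits the check instead of each one needing its own copy. Separately, the av_log() text "Impossible initial tile." does not name the field that triggers the rejection; a message that mentions the dependent slice segment flag at CTB address 0 would be easier to trace back to the bitstream when triaging fuzzed samples such as the one listed in the commit message.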