[FFmpeg-cvslog] avcodec/hevc_ps: Check that log2_ctb_size is not smaller than the bounds of all profiles

Michael Niedermayer git at videolan.org
Wed Feb 25 23:09:32 CET 2015


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Feb 25 22:10:41 2015 +0100| [701c965a76069724d07ec57f3e1f9ca802138f29] | committer: Michael Niedermayer

avcodec/hevc_ps: Check that log2_ctb_size is not smaller than the bounds of all profiles

Fixes: unaligned memory access
Fixes: signal_sigsegv_3344165_576_cov_3406448105_DBLK_A_MAIN10_VIXS_2.bit

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Suggested-by: Christophe Gisquet <christophe.gisquet at gmail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=701c965a76069724d07ec57f3e1f9ca802138f29
---

 libavcodec/hevc_ps.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index 65b3268..85ce2cc 100644
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -1083,6 +1083,14 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
         av_log(s->avctx, AV_LOG_ERROR, "CTB size out of range: 2^%d\n", sps->log2_ctb_size);
         goto err;
     }
+    if (sps->log2_ctb_size < 4) {
+        av_log(s->avctx,
+               AV_LOG_ERROR,
+               "log2_ctb_size %d differs from the bounds of any known profile\n",
+               sps->log2_ctb_size);
+        avpriv_request_sample(s->avctx, "log2_ctb_size %d", sps->log2_ctb_size);
+        goto err;
+    }
     if (sps->max_transform_hierarchy_depth_inter > sps->log2_ctb_size - sps->log2_min_tb_size) {
         av_log(s->avctx, AV_LOG_ERROR, "max_transform_hierarchy_depth_inter out of range: %d\n",
                sps->max_transform_hierarchy_depth_inter);



More information about the ffmpeg-cvslog mailing list