[FFmpeg-devel] [libav-devel] [PATCH] hevc: validate slice address length

Michael Niedermayer michael at niedermayer.cc
Fri Jul 10 20:46:12 CEST 2015


On Fri, Jul 10, 2015 at 08:17:49PM +0200, Andreas Cadhalpun wrote:
> On 10.07.2015 20:01, Anton Khirnov wrote:
> > Quoting Andreas Cadhalpun (2015-07-10 19:49:36)
> >> It is used as get_bits argument and reading 0 bits doesn't make sense.
> >>
> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >> ---
> >>  libavcodec/hevc.c        | 6 ++++++
> >>  libavcodec/hevc_parser.c | 6 ++++++
> >>  2 files changed, 12 insertions(+)
> >>
> >> diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
> >> index 38734f0..d47af16 100644
> >> --- a/libavcodec/hevc.c
> >> +++ b/libavcodec/hevc.c
> >> @@ -459,6 +459,12 @@ static int hls_slice_header(HEVCContext *s)
> >>  
> >>          slice_address_length = av_ceil_log2(s->sps->ctb_width *
> >>                                              s->sps->ctb_height);
> >> +        if (slice_address_length <= 0) {
> >> +            av_log(s->avctx, AV_LOG_ERROR,
> >> +                   "Invalid slice address length: %d\n",
> >> +                   slice_address_length);
> >> +            return AVERROR_INVALIDDATA;
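Review bot: The slice_address_length <= 0 test in hls_slice_header() returns AVERROR_INVALIDDATA whenever s->sps->ctb_width * s->sps->ctb_height is 1, because av_ceil_log2(1) is 0, so a stream whose picture is a single CTB is rejected here. If the aim is only to keep a length of 0 from reaching get_bits, guard the read rather than failing: skip the get_bits call when slice_address_length is 0 and leave the slice address at 0. The diffstat shows the same six lines going into libavcodec/hevc_parser.c, so the same point applies there.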
> > 
> > No, this is not invalid. Having a picture of 1x1 CTB is perfectly valid,
> > then the spec mandates that slice_segment_addr is 0.
> 
> OK, then let's make that explicit. New patch attached.
> 
> > Does get_bits() really not just return 0 on trying to read 0 bits?
> 
> The comment for get_bits() says: 'Read 1-25 bits.'
> 
> Best regards,
> Andreas

>  hevc.c        |    2 +-
>  hevc_parser.c |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 5eea2b8b6b752096703f81ef9eb17a7504a72d0f  0001-hevc-check-slice-address-length.patch
> From 0da1b118a19d517d5ab31321e354348844c4ce7a Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Fri, 10 Jul 2015 19:41:43 +0200
> Subject: [PATCH] hevc: check slice address length
> 

> It is used as get_bits argument and reading 0 bits doesn't make sense.

maybe "isn't supported"

patch LGTM

thanks


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The greatest way to live with honor in this world is to be what we pretend
to be. -- Socrates
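
The outcome discussed in this thread, as an added example that is not FFmpeg's code and not taken from either patch: a constructed bit reader with the 1-25 bit contract quoted above, and a caller that treats a computed length of 0 as "address is 0" instead of passing it to the reader. BitReader, read_bits, ceil_log2 and read_slice_addr are hypothetical names; the final range check on the address goes beyond what the thread covers.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed MSB-first bit reader; NOT FFmpeg's GetBitContext. */
typedef struct { const uint8_t *buf; size_t size_bits, pos; } BitReader;

/* Contract mirrors the comment quoted in the thread: n must be 1..25.
 * Returns -1 on a contract violation or a read past the end of the buffer. */
static int read_bits(BitReader *br, int n, uint32_t *out)
{
    if (n < 1 || n > 25 || (size_t)n > br->size_bits - br->pos)
        return -1;
    uint32_t v = 0;
    for (int i = 0; i < n; i++, br->pos++)
        v = (v << 1) | ((br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1);
    *out = v;
    return 0;
}

/* Smallest k such that (1 << k) >= x, for x >= 1; ceil_log2(1) == 0. */
static int ceil_log2(uint32_t x)
{
    int k = 0;
    while (k < 32 && ((uint64_t)1 << k) < x)
        k++;
    return k;
}

/* Read the slice address for a picture of ctb_width x ctb_height CTBs.
 * Returns 0 on success, -1 on invalid data. */
static int read_slice_addr(BitReader *br, uint32_t ctb_width,
                           uint32_t ctb_height, uint32_t *addr)
{
    uint64_t ctbs = (uint64_t)ctb_width * ctb_height;
    if (ctbs == 0 || ctbs > (1u << 25))   /* keeps the length within 0..25 */
        return -1;
    int len = ceil_log2((uint32_t)ctbs);
    if (len == 0) {                       /* single CTB: nothing is coded */
        *addr = 0;
        return 0;
    }
    if (read_bits(br, len, addr) < 0)
        return -1;
    return *addr < ctbs ? 0 : -1;         /* added check: address names a CTB */
}
```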