avcodec/h264dec: fix possible out-of-bounds array access

If slice_type is > 9, the access to ff_h264_golomb_to_pict_type is
out-of-bounds. Fix this by simply setting the slice_type to 0 in this
case.

This is completely inconsequential because the value is only being used
as an offset in the calculation of the film grain seed value, a
corruption of which is practically invisible.

Fixes coverity ticket #1490802

Signed-off-by: James Almer <jamrial@gmail.com>
Niklas Haas 2021-08-25 05:06:01 +02:00 committed by James Almer
parent b492cacffd
commit 94653e0dee
1 changed files with 2 additions and 4 deletions

@ -533,10 +533,8 @@ static int get_last_needed_nal(H264Context *h)
first_slice != nal->type)
nals_needed = i;
slice_type = get_ue_golomb_31(&gb);
if (slice_type > 9) {
if (h->avctx->err_recognition & AV_EF_EXPLODE)
return AVERROR_INVALIDDATA;
}
if (slice_type > 9)
slice_type = 0;
if (slice_type > 4)
slice_type -= 5;
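
Review bot: Replacing the `if (slice_type > 9)` block with the clamp drops the `AV_EF_EXPLODE` path, so in get_last_needed_nal() a slice_type above 9 no longer returns AVERROR_INVALIDDATA even when the caller set that flag; it is silently treated as type 0. If that is intentional, the commit message should say so, since it currently describes only the out-of-bounds fix. Otherwise keep the explode check and apply `slice_type = 0;` only on the non-explode path. A short comment next to the clamp explaining why 0 is a safe stand-in (the value only feeds the film grain seed, per the commit message) would also help the next reader.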