videolan/ffmpeg
1
Fork 0
mirror of https://git.videolan.org/git/ffmpeg.git synced 2024-09-30 08:35:41 +02:00
Code Releases Activity

avcodec/cbs_h2645: Fix potential out-of-bounds array access

Browse Source 
The maximum allowed index for an array access is FF_ARRAY_ELEMS - 1; yet
the current code allowed FF_ARRAY_ELEMS. This wasn't dangerous in practice,
as parameter sets with invalid ids were already filtered out during
reading.

Found via PVS-Studio (see ticket #8156).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2019-09-18 05:25:58 +02:00 committed by Mark Thompson
parent e3f0ecfc57
commit f3333c3c67
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/cbs_h2645.c
View File

@ -748,7 +748,7 @@ static int cbs_h26 ## h26n ## _replace_ ## ps_var(CodedBitstreamContext *ctx, \
CodedBitstreamH26 ## h26n ## Context *priv = ctx->priv_data; \
H26 ## h26n ## Raw ## ps_name *ps_var = unit->content; \
unsigned int id = ps_var->id_element; \
if (id > FF_ARRAY_ELEMS(priv->ps_var)) { \
if (id >= FF_ARRAY_ELEMS(priv->ps_var)) { \
av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid " #ps_name \
" id : %d.\n", id); \
return AVERROR_INVALIDDATA; \