Commit 3e9d5e16 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/hevc: Check offset_len

Fixes CID1239099 part 1
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 6d787aea
...@@ -712,6 +712,13 @@ static int hls_slice_header(HEVCContext *s) ...@@ -712,6 +712,13 @@ static int hls_slice_header(HEVCContext *s)
int offset_len = get_ue_golomb_long(gb) + 1; int offset_len = get_ue_golomb_long(gb) + 1;
int segments = offset_len >> 4; int segments = offset_len >> 4;
int rest = (offset_len & 15); int rest = (offset_len & 15);
if (offset_len < 1 || offset_len > 32) {
sh->num_entry_point_offsets = 0;
av_log(s->avctx, AV_LOG_ERROR, "offset_len %d is invalid\n", offset_len);
return AVERROR_INVALIDDATA;
}
av_freep(&sh->entry_point_offset); av_freep(&sh->entry_point_offset);
av_freep(&sh->offset); av_freep(&sh->offset);
av_freep(&sh->size); av_freep(&sh->size);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment