[libav-stable] h264_cavlc: check the size of the intra PCM data.

Anton Khirnov git at libav.org
Thu Nov 21 21:14:31 CET 2013


Module: libav
Branch: master
Commit: 074c769de93bf12e9f44d77e58a8c7167f9dfb13

Author:    Anton Khirnov <anton at khirnov.net>
Committer: Anton Khirnov <anton at khirnov.net>
Date:      Fri Nov 15 09:42:26 2013 +0100

h264_cavlc: check the size of the intra PCM data.

Fixes invalid reads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable at libav.org

---

 libavcodec/h264_cavlc.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c
index 5ed1d5d..d3f6dcb 100644
--- a/libavcodec/h264_cavlc.c
+++ b/libavcodec/h264_cavlc.c
@@ -765,6 +765,10 @@ decode_intra_mb:
 
         // We assume these blocks are very rare so we do not optimize it.
         h->intra_pcm_ptr = align_get_bits(&h->gb);
+        if (get_bits_left(&h->gb) < mb_size) {
+            av_log(h->avctx, AV_LOG_ERROR, "Not enough data for an intra PCM block.\n");
+            return AVERROR_INVALIDDATA;
+        }
         skip_bits_long(&h->gb, mb_size);
 
         // In deblocking, the quantizer is 0
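Review bot: h->intra_pcm_ptr is assigned from align_get_bits(&h->gb) before the new get_bits_left() check, so on the AVERROR_INVALIDDATA return it still points at a block shorter than mb_size. Consider keeping the aligned pointer in a local and storing it in h->intra_pcm_ptr only after the check passes, or confirm that nothing reads intra_pcm_ptr once this function has returned an error. The comparison and the following skip_bits_long(&h->gb, mb_size) both treat mb_size as a bit count, which is consistent; a short comment saying so would help, and the error message would be more useful for triage if it printed get_bits_left(&h->gb) and mb_size.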


