diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2014-08-08 16:24:54 +0400 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2014-08-08 16:24:54 +0400 |
| commit | 0bcf514198bfcb5ae99744bd82842ae37a5a55ad (patch) | |
| tree | 9a346075a4afe61ac97eb083415d86eb03813641 | |
| parent | 1ee5e2ce3d6d28d0e2999afe073bc00ddb96c171 (diff) | |
| parent | 01f9540320279954b2764645ab7136847d53d89f (diff) | |
Merge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1
* commit '01f9540320279954b2764645ab7136847d53d89f':
h264_sei: check SEI size
Conflicts:
libavcodec/h264_sei.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavcodec/h264_sei.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c index 62320e2d6a..ee92837ab9 100644 --- a/libavcodec/h264_sei.c +++ b/libavcodec/h264_sei.c @@ -223,6 +223,12 @@ int ff_h264_decode_sei(H264Context *h){ if(s->avctx->debug&FF_DEBUG_STARTCODE) av_log(h->s.avctx, AV_LOG_DEBUG, "SEI %d len:%d\n", type, size); + if (size > get_bits_left(&s->gb) / 8) { + av_log(s->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n", + type, get_bits_left(&s->gb)); + return AVERROR_INVALIDDATA; + } + switch(type){ case SEI_TYPE_PIC_TIMING: // Picture timing SEI if(decode_picture_timing(h) < 0) |