avcodec/h264: Check *log2_weight_denom

Fixes undefined behavior Fixes: signal_sigsegv_14768d2_2248_cov_3629497219_h264_h264___pi_20070614T182942.h264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 61296d41e2de3b41304339e4631dd44c2e15f805) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2014-12-18 05:16:39 +0300
committer: Michael Niedermayer <michaelni@gmx.at> 2014-12-18 05:48:46 +0300
commit: 96e2a4ba7402fa711efb8cf8adf4058d4748b71c (patch)
tree: aa5c5a12957d7524c56f09f8f98172cacb42e7be
parent: a9c0f905aa3bd5342ffa3a0e9d54172d4c541903 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 37f770e0b3..65e53ac290 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -2432,6 +2432,16 @@ static int pred_weight_table(H264Context *h)
     h->luma_log2_weight_denom = get_ue_golomb(&h->gb);
     if (h->sps.chroma_format_idc)
         h->chroma_log2_weight_denom = get_ue_golomb(&h->gb);
+
+    if (h->luma_log2_weight_denom > 7U) {
+        av_log(h->avctx, AV_LOG_ERROR, "luma_log2_weight_denom %d is out of range\n", h->luma_log2_weight_denom);
+        h->luma_log2_weight_denom = 0;
+    }
+    if (h->chroma_log2_weight_denom > 7U) {
+        av_log(h->avctx, AV_LOG_ERROR, "chroma_log2_weight_denom %d is out of range\n", h->chroma_log2_weight_denom);
+        h->chroma_log2_weight_denom = 0;
+    }
+
     luma_def   = 1 << h->luma_log2_weight_denom;
     chroma_def = 1 << h->chroma_log2_weight_denom;
author	Michael Niedermayer <michaelni@gmx.at>	2014-12-18 05:16:39 +0300
committer	Michael Niedermayer <michaelni@gmx.at>	2014-12-18 05:48:46 +0300
commit	96e2a4ba7402fa711efb8cf8adf4058d4748b71c (patch)
tree	aa5c5a12957d7524c56f09f8f98172cacb42e7be
parent	a9c0f905aa3bd5342ffa3a0e9d54172d4c541903 (diff)