diff mbox

[FFmpeg-devel] avcodec/av1_parse: Check obu_size

Message ID 20181014175656.27005-1-michael@niedermayer.cc
State Accepted
Commit c27c7b49dc00a955779ad4b6801a993da5a962de
Headers show

Commit Message

Michael Niedermayer Oct. 14, 2018, 5:56 p.m. UTC 
Fixes: out of array read
Fixes: SIGSEGV_get_obu_bit_length_av1_parse

Found-by: keval shah <skeval65@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/av1_parse.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

James Almer Oct. 14, 2018, 6:02 p.m. UTC | #1 
On 10/14/2018 2:56 PM, Michael Niedermayer wrote:
> Fixes: out of array read
> Fixes: SIGSEGV_get_obu_bit_length_av1_parse
> 
> Found-by: keval shah <skeval65@gmail.com>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/av1_parse.h | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h
> index 276af33ba9..864308f81d 100644
> --- a/libavcodec/av1_parse.h
> +++ b/libavcodec/av1_parse.h
> @@ -134,8 +134,8 @@ static inline int parse_obu_header(const uint8_t *buf, int buf_size,
>  
>      size = *obu_size + *start_pos;
>  
> -    if (size > INT_MAX)
> -        return AVERROR(ERANGE);
> +    if (size > buf_size)
> +        return AVERROR_INVALIDDATA;
>  
>      return size;
>  }

LGTM, thanks.
diff mbox

Patch

diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h
index 276af33ba9..864308f81d 100644
--- a/libavcodec/av1_parse.h
+++ b/libavcodec/av1_parse.h
@@ -134,8 +134,8 @@  static inline int parse_obu_header(const uint8_t *buf, int buf_size,
 
     size = *obu_size + *start_pos;
 
-    if (size > INT_MAX)
-        return AVERROR(ERANGE);
+    if (size > buf_size)
+        return AVERROR_INVALIDDATA;
 
     return size;
 }