@@ -88,17 +88,19 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size, EVCDecoderConfiguratio
{
GetBitContext gb;
unsigned sps_seq_parameter_set_id;
+ int ret;
bs += EVC_NALU_HEADER_SIZE;
bs_size -= EVC_NALU_HEADER_SIZE;
- if (init_get_bits8(&gb, bs, bs_size) < 0)
- return 0;
+ ret = init_get_bits8(&gb, bs, bs_size);
+ if (ret < 0)
+ return ret;
sps_seq_parameter_set_id = get_ue_golomb_31(&gb);
if (sps_seq_parameter_set_id >= EVC_MAX_SPS_COUNT)
- return 0;
+ return AVERROR_INVALIDDATA;
// the Baseline profile is indicated by profile_idc eqal to 0
// the Main profile is indicated by profile_idc eqal to 1
@@ -114,12 +116,17 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size, EVCDecoderConfiguratio
// 2 - 4:2:2
// 3 - 4:4:4
evcc->chroma_format_idc = get_ue_golomb_31(&gb);
+ if (sps_seq_parameter_set_id > 3)
+ return AVERROR_INVALIDDATA;
evcc->pic_width_in_luma_samples = get_ue_golomb_long(&gb);
evcc->pic_height_in_luma_samples = get_ue_golomb_long(&gb);
evcc->bit_depth_luma_minus8 = get_ue_golomb_31(&gb);
evcc->bit_depth_chroma_minus8 = get_ue_golomb_31(&gb);
+ // EVCDecoderConfigurationRecord can't store values > 7. Limit it to bit depth 14.
+ if (evcc->bit_depth_luma_minus8 > 6 || evcc->bit_depth_chroma_minus8 > 6)
+ return AVERROR_INVALIDDATA;
return 0;
}
Signed-off-by: James Almer <jamrial@gmail.com> --- libavformat/evc.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-)