[PATCH] fixed #2346
authorjeanlf <jeanlf@gpac.io>
Mon, 12 Dec 2022 09:45:38 +0000 (10:45 +0100)
committerAron Xu <aron@debian.org>
Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
Gbp-Pq: Name CVE-2022-47095.patch

src/media_tools/av_parsers.c

index 71bac7f0938d886e71819a793f24bc4c49e1da81..6dc277a4d3c7c8ec1f4d1e5af24f57c63e65bf46 100644 (file)
@@ -7060,18 +7060,20 @@ static Bool hevc_parse_vps_extension(HEVC_VPS *vps, GF_BitStream *bs)
                num_scalability_types = 16;
        }
        dimension_id_len[0] = 0;
-       for (i = 0; i < (num_scalability_types - splitting_flag); i++) {
-               dimension_id_len[i] = 1 + gf_bs_read_int(bs, 3);
-       }
-
-       if (splitting_flag) {
-               for (i = 0; i < num_scalability_types; i++) {
-                       dim_bit_offset[i] = 0;
-                       for (j = 0; j < i; j++)
-                               dim_bit_offset[i] += dimension_id_len[j];
-               }
-               dimension_id_len[num_scalability_types - 1] = 1 + (5 - dim_bit_offset[num_scalability_types - 1]);
-               dim_bit_offset[num_scalability_types] = 6;
+        if (num_scalability_types) {
+               for (i = 0; i < (num_scalability_types - splitting_flag); i++) {
+                       dimension_id_len[i] = 1 + gf_bs_read_int(bs, 3);
+               }
+
+               if (splitting_flag) {
+                       for (i = 0; i < num_scalability_types; i++) {
+                               dim_bit_offset[i] = 0;
+                               for (j = 0; j < i; j++)
+                                       dim_bit_offset[i] += dimension_id_len[j];
+                       }
+                       dimension_id_len[num_scalability_types - 1] = 1 + (5 - dim_bit_offset[num_scalability_types - 1]);
+                       dim_bit_offset[num_scalability_types] = 6;
+                }
        }
 
        vps_nuh_layer_id_present_flag = gf_bs_read_int(bs, 1);
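Review bot: With `splitting_flag` set, `dimension_id_len[num_scalability_types - 1] = 1 + (5 - dim_bit_offset[num_scalability_types - 1]);` is still computed from bitstream-controlled lengths without a range check: each `dimension_id_len[i]` read just above is 1..8, so the accumulated offset can exceed 5 and the subtraction goes negative, or wraps if the arrays are unsigned. The new `if (num_scalability_types)` guard only removes the zero case, where `num_scalability_types - 1` was used as an index and a loop bound. I would reject the VPS before that assignment with `if (dim_bit_offset[num_scalability_types - 1] > 5) return GF_FALSE;`, assuming the `Bool` return in the hunk header signals a parse failure to the caller. `hevc_parse_vps_extension` starts and ends outside the hunk, so the array declarations and the later uses of `dimension_id_len` are not visible here. For the same reason, please confirm that `dim_bit_offset` has at least 17 elements, because the `num_scalability_types = 16;` cap at the top of the hunk lets `dim_bit_offset[num_scalability_types] = 6;` write index 16.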