[PATCH] fixed #2366
authorjeanlf <jeanlf@gpac.io>
Wed, 4 Jan 2023 09:56:03 +0000 (10:56 +0100)
committerAron Xu <aron@debian.org>
Tue, 23 May 2023 11:53:25 +0000 (12:53 +0100)
Gbp-Pq: Name CVE-2023-23143.patch

src/media_tools/av_parsers.c

index 3ae894b588e7321a76ef4253c089e6a898a972e4..40f9bd2aaadee5375b51ca3034f97937a97ac0ff 100644 (file)
@@ -5558,9 +5558,10 @@ static s32 avc_parse_slice(GF_BitStream *bs, AVCState *avc, Bool svc_idr_flag, A
        if (si->slice_type > 9) return -1;
 
        pps_id = gf_bs_get_ue(bs);
-       if ((pps_id < 0) || (pps_id > 255)) return -1;
+       if ((pps_id < 0) || (pps_id >= 255)) return -1;
        si->pps = &avc->pps[pps_id];
        if (!si->pps->slice_group_count) return -2;
+        if (si->pps->sps_id>=32) return -1;
        si->sps = &avc->sps[si->pps->sps_id];
        if (!si->sps->log2_max_frame_num) return -2;
        avc->sps_active_idx = si->pps->sps_id;
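Review bot: The added `if (si->pps->sps_id>=32) return -1;` tests only the upper bound, so if `sps_id` is a signed field (its declaration is not visible in this hunk), a negative value taken from the bitstream would still index before the start of `avc->sps`. Consider `if ((si->pps->sps_id < 0) || (si->pps->sps_id >= 32)) return -1;`, assuming the type is signed. The literals 255 and 32 presumably mirror the declared sizes of `avc->pps` and `avc->sps`; deriving both limits from the arrays or a shared constant would stop the checks drifting from the declarations, which is what the old `> 255` off-by-one looks like. The same literal 255 is used in the svc_parse_slice hunk below. avc_parse_slice starts and ends outside this hunk.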
@@ -5668,7 +5669,7 @@ static s32 svc_parse_slice(GF_BitStream *bs, AVCState *avc, AVCSliceInfo *si)
        if (si->slice_type > 9) return -1;
 
        pps_id = gf_bs_get_ue(bs);
-       if ((pps_id < 0) || (pps_id > 255))
+       if ((pps_id < 0) || (pps_id >= 255))
                return -1;
        si->pps = &avc->pps[pps_id];
        si->pps->id = pps_id;
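Review bot: svc_parse_slice receives the `pps_id` bound fix but no counterpart to the `sps_id` check added in avc_parse_slice. In addition, `si->pps->id = pps_id;` writes into the PPS slot without the `slice_group_count` test that avc_parse_slice uses to reject a PPS that was never parsed. The function continues past the end of this hunk, so it cannot be confirmed from here whether `si->pps->sps_id` is range-checked before it selects an SPS. If it is not, the out-of-bounds index this patch closes in the AVC path would remain reachable through SVC slices. A comment above the check, e.g. `/* pps_id comes from the bitstream; must index inside avc->pps */`, would also record why the bound exists.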