fix some exploitable overflows (#994, #997)
Gbp-Pq: Name CVE-2018-7752.patch
/* \endcond */
+#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0]))
#ifdef __cplusplus
}
op->output_layer_set_idx = gf_bs_read_u16(bs);
op->max_temporal_id = gf_bs_read_u8(bs);
op->layer_count = gf_bs_read_u8(bs);
+ if (op->layer_count > ARRAY_LENGTH(op->layers_info))
+ return GF_NON_COMPLIANT_BITSTREAM;
for (j = 0; j < op->layer_count; j++) {
op->layers_info[j].ptl_idx = gf_bs_read_u8(bs);
op->layers_info[j].layer_id = gf_bs_read_int(bs, 6);
sps->offset_for_non_ref_pic = bs_get_se(bs);
sps->offset_for_top_to_bottom_field = bs_get_se(bs);
sps->poc_cycle_length = bs_get_ue(bs);
+ if (sps->poc_cycle_length > ARRAY_LENGTH(sps->offset_for_ref_frame)) {
+ GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, ("[avc-h264] offset_for_ref_frame overflow from poc_cycle_length\n"));
+ goto exit;
+ }
for(i=0; i<sps->poc_cycle_length; i++) sps->offset_for_ref_frame[i] = bs_get_se(bs);
}
if (sps->poc_type > 2) {
projects / gpac.git / commitdiff