[PATCH] error on out-of-range cpb_cnt_minus1 (oss-fuzz issue 27590)

author Dirk Farin <dirk.farin@gmail.com>

Tue, 5 Apr 2022 07:52:57 +0000 (09:52 +0200)

committer Philipp Kern <pkern@debian.org>

Sun, 16 Oct 2022 13:26:20 +0000 (14:26 +0100)
author Dirk Farin <dirk.farin@gmail.com>
Tue, 5 Apr 2022 07:52:57 +0000 (09:52 +0200)
committer Philipp Kern <pkern@debian.org>
Sun, 16 Oct 2022 13:26:20 +0000 (14:26 +0100)
diff --git a/libde265/sps.cc b/libde265/sps.cc

index 47c157a4ded0a30f9fc1250009177b31756fc74e..387ea756fb6d23812330665542a37dff4064d494 100644 (file)
--- a/libde265/sps.cc
+++ b/libde265/sps.cc
@@ -425,7 +425,10 @@ de265_error seq_parameter_set::read(error_queue* errqueue, bitreader* br)
  
    vui_parameters_present_flag = get_bits(br,1);
    if (vui_parameters_present_flag) {
-    vui.read(errqueue, br, this);
+    de265_error err = vui.read(errqueue, br, this);
+    if (err) {
+      return err;
+    }
    }
  
  
diff --git a/libde265/vui.cc b/libde265/vui.cc

index b5f46ac7fc360dc20804f05b416c0d331d13bf17..76086ff2939fd83028df8d111ea2a7ace6a2e268 100644 (file)
--- a/libde265/vui.cc
+++ b/libde265/vui.cc
@@ -201,6 +201,9 @@ de265_error video_usability_information::hrd_parameters(error_queue* errqueue, b
      if (!low_delay_hrd_flag[i])
      {
        READ_VLC_OFFSET(cpb_cnt_minus1[i], uvlc, 0);
+      if (cpb_cnt_minus1[i] > 31) {
+       return DE265_ERROR_CODED_PARAMETER_OUT_OF_RANGE;
+      }
      }
  
      for (nalOrVcl = 0; nalOrVcl < 2; nalOrVcl++)
@@ -361,6 +364,9 @@ de265_error video_usability_information::read(error_queue* errqueue, bitreader*
      if (vui_hrd_parameters_present_flag) {
        de265_error err;
        err = hrd_parameters(errqueue, br, sps);
+      if (err) {
+       return err;
+      }
      }
    }
author	Dirk Farin <dirk.farin@gmail.com>
	Tue, 5 Apr 2022 07:52:57 +0000 (09:52 +0200)
committer	Philipp Kern <pkern@debian.org>
	Sun, 16 Oct 2022 13:26:20 +0000 (14:26 +0100)
libde265/sps.cc		patch \| blob \| history
libde265/vui.cc		patch \| blob \| history