From: jeanlf <jeanlf@gpac.io>
Date: Sat, 17 Dec 2022 11:11:34 +0000 (+0100)
Subject: [PATCH] fixed #2355
X-Git-Tag: archive/raspbian/1.0.1+dfsg1-4+rpi1+deb11u3^2~23
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=8add0b29d2548dad8c2101d9582603060aa763c4;p=gpac.git

[PATCH] fixed #2355


Gbp-Pq: Name CVE-2022-47657.patch
---

diff --git a/src/media_tools/av_parsers.c b/src/media_tools/av_parsers.c
index 6dc277a..50efd9e 100644
--- a/src/media_tools/av_parsers.c
+++ b/src/media_tools/av_parsers.c
@@ -7086,6 +7086,11 @@ static Bool hevc_parse_vps_extension(HEVC_VPS *vps, GF_BitStream *bs)
 		else {
 			vps->layer_id_in_nuh[i] = i;
 		}
+		if (vps->layer_id_in_nuh[i] > MAX_LHVC_LAYERS) {
+			GF_LOG(GF_LOG_ERROR, GF_LOG_CODING, ("[HEVC] %d layers in VPS ext but only %d supported in GPAC\n", vps->layer_id_in_nuh[i], MAX_LHVC_LAYERS));
+			vps->layer_id_in_nuh[i] = 0;
+			return -1;
+		}
 		vps->layer_id_in_vps[vps->layer_id_in_nuh[i]] = i;
 
 		if (!splitting_flag) {