h264_sei: check SEI size

author Michael Niedermayer <michaelni@gmx.at>

Thu, 19 Sep 2013 14:26:25 +0000 (16:26 +0200)

committer Anton Khirnov <anton@khirnov.net>

Tue, 24 Sep 2013 11:24:29 +0000 (13:24 +0200)
author Michael Niedermayer <michaelni@gmx.at>
Thu, 19 Sep 2013 14:26:25 +0000 (16:26 +0200)
committer Anton Khirnov <anton@khirnov.net>
Tue, 24 Sep 2013 11:24:29 +0000 (13:24 +0200)
diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c

index 47f9c14..27a2c76 100644 (file)
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -190,6 +190,12 @@ int ff_h264_decode_sei(H264Context *h)
              size += show_bits(&h->gb, 8);
          while (get_bits(&h->gb, 8) == 255);
  
+        if (size > get_bits_left(&h->gb) / 8) {
+            av_log(h->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n",
+                   type, get_bits_left(&h->gb));
+            return AVERROR_INVALIDDATA;
+        }
+
          switch (type) {
          case SEI_TYPE_PIC_TIMING: // Picture timing SEI
              ret = decode_picture_timing(h);
author	Michael Niedermayer <michaelni@gmx.at>
	Thu, 19 Sep 2013 14:26:25 +0000 (16:26 +0200)
committer	Anton Khirnov <anton@khirnov.net>
	Tue, 24 Sep 2013 11:24:29 +0000 (13:24 +0200)