From: Anton Khirnov Date: Sun, 2 Feb 2014 12:35:48 +0000 (+0100) Subject: hevc: check that the VCL NAL types are the same for all slice segments of a frame X-Git-Tag: v10_beta1~103 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b25e84b7399bd91605596b67d761d3464dbe8a6e;p=platform%2Fupstream%2Flibav.git hevc: check that the VCL NAL types are the same for all slice segments of a frame Fixes possible invalid memory access for mismatching skipped/non-skipped slice segments. Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Sample-Id: 00001533-google --- diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c index bc89b17..8d9324a 100644 --- a/libavcodec/hevc.c +++ b/libavcodec/hevc.c @@ -2471,6 +2471,7 @@ static int hevc_frame_start(HEVCContext *s) lc->start_of_tiles_x = 0; s->is_decoded = 0; + s->first_nal_type = s->nal_unit_type; if (s->pps->tiles_enabled_flag) lc->end_of_tiles_x = s->pps->column_width[0] << s->sps->log2_ctb_size; @@ -2595,6 +2596,13 @@ static int decode_nal_unit(HEVCContext *s, const uint8_t *nal, int length) return AVERROR_INVALIDDATA; } + if (s->nal_unit_type != s->first_nal_type) { + av_log(s->avctx, AV_LOG_ERROR, + "Non-matching NAL types of the VCL NALUs: %d %d\n", + s->first_nal_type, s->nal_unit_type); + return AVERROR_INVALIDDATA; + } + if (!s->sh.dependent_slice_segment_flag && s->sh.slice_type != I_SLICE) { ret = ff_hevc_slice_rpl(s); diff --git a/libavcodec/hevc.h b/libavcodec/hevc.h index a674899..accfcb6 100644 --- a/libavcodec/hevc.h +++ b/libavcodec/hevc.h @@ -840,6 +840,8 @@ typedef struct HEVCContext { HEVCNAL *nals; int nb_nals; int nals_allocated; + // type of the first VCL NAL of the current frame + enum NALUnitType first_nal_type; // for checking the frame checksums struct AVMD5 *md5_ctx;