diff options
| author | Reinhard Tartler <siretart@tauware.de> | 2010-02-09 19:02:39 +0000 |
|---|---|---|
| committer | Reinhard Tartler <siretart@tauware.de> | 2010-02-09 19:02:39 +0000 |
| commit | acac7858bd5066cb2e56cc353c8ae54786c1f623 (patch) | |
| tree | 6d3a889646a756ac694d659da6d8505bd10c189a | |
| parent | c42640b20049517ce641e802935db28c7cdc32ae (diff) | |
Check num_units_in_tick/time_scale to be valid and within the range we support.
based on a patch by chrome
backported r19979 by michael
Originally committed as revision 21715 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
| -rw-r--r-- | libavcodec/h264.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c index 91f20c9867..3ea61330ec 100644 --- a/libavcodec/h264.c +++ b/libavcodec/h264.c @@ -7016,6 +7016,10 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){ if(sps->timing_info_present_flag){ sps->num_units_in_tick = get_bits_long(&s->gb, 32); sps->time_scale = get_bits_long(&s->gb, 32); + if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){ + av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick inavlid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick); + return -1; + } sps->fixed_frame_rate_flag = get_bits1(&s->gb); } |