summaryrefslogtreecommitdiff
path: root/libavcodec/h264.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2005-01-12 00:16:25 +0000
committerMichael Niedermayer <michaelni@gmx.at>2005-01-12 00:16:25 +0000
commit0ecca7a49f8e254c12a3a1de048d738bfbb614c6 (patch)
tree816c7073739d918ca579171204e6d3caf9977da5 /libavcodec/h264.c
parentf14d4e7e21c48967c1a877fa9c4eb9943d2c30f5 (diff)
various security fixes and precautionary checks
Originally committed as revision 3822 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavcodec/h264.c')
-rw-r--r--libavcodec/h264.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 5267b25f2f..22106a9090 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -5862,6 +5862,10 @@ static inline int decode_seq_parameter_set(H264Context *h){
sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb);
sps->mb_width= get_ue_golomb(&s->gb) + 1;
sps->mb_height= get_ue_golomb(&s->gb) + 1;
+ if((unsigned)sps->mb_width >= INT_MAX/16 || (unsigned)sps->mb_height >= INT_MAX/16 ||
+ avcodec_check_dimensions(NULL, 16*sps->mb_width, 16*sps->mb_height))
+ return -1;
+
sps->frame_mbs_only_flag= get_bits1(&s->gb);
if(!sps->frame_mbs_only_flag)
sps->mb_aff= get_bits1(&s->gb);
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-03 19:02:16 +0000