diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2016-08-18 20:41:31 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2016-08-18 23:36:18 +0200 |
commit | cc13bc8c4f0f4afa30d0b94c3f3a369ccd2aaf0b (patch) | |
tree | cc951b2cf772d43ea307d0fb7bced2a8325a1763 /libavcodec/h2645_parse.h | |
parent | e2a39b103e5917780744fed6fd4336cf65a220f4 (diff) |
avcodec/h2645: Fix NAL unit padding
The parser changes have lost the support for the needed padding, this adds it back
Fixes out of array reads
Fixes: 03ea21d271abc8acf428d42ace51d8b4/asan_heap-oob_3358eef_5692_16f0cc01ab5225e9ce591659e5c20e35.mkv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec/h2645_parse.h')
-rw-r--r-- | libavcodec/h2645_parse.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/libavcodec/h2645_parse.h b/libavcodec/h2645_parse.h index a3c7e1f814..630235994e 100644 --- a/libavcodec/h2645_parse.h +++ b/libavcodec/h2645_parse.h @@ -26,6 +26,8 @@ #include "avcodec.h" #include "get_bits.h" +#define MAX_MBPAIR_SIZE (256*1024) // a tighter bound could be calculated if someone cares about a few bytes + typedef struct H2645NAL { uint8_t *rbsp_buffer; int rbsp_buffer_size; @@ -74,14 +76,14 @@ typedef struct H2645Packet { * Extract the raw (unescaped) bitstream. */ int ff_h2645_extract_rbsp(const uint8_t *src, int length, - H2645NAL *nal); + H2645NAL *nal, int small_padding); /** * Split an input packet into NAL units. */ int ff_h2645_packet_split(H2645Packet *pkt, const uint8_t *buf, int length, void *logctx, int is_nalff, int nal_length_size, - enum AVCodecID codec_id); + enum AVCodecID codec_id, int small_padding); /** * Free all the allocated memory in the packet. |