-rw-r--r--libavcodec/dirac_parser.c23
1 files changed, 15 insertions, 8 deletions
diff --git a/libavcodec/dirac_parser.c b/libavcodec/dirac_parser.c
index 1ca7e31f1c..a8aa664ea9 100644
--- a/libavcodec/dirac_parser.c
+++ b/libavcodec/dirac_parser.c
@@ -100,7 +100,11 @@ typedef struct DiracParseUnit {
static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
int offset)
{
+ int i;
int8_t *start;
+ static const uint8_t valid_pu_types[] = {
+ 0x00, 0x10, 0x20, 0x30, 0x08, 0x48, 0xC8, 0xE8
+ };
if (offset < 0 || pc->index - 13 < offset)
return 0;
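Review bot: The `valid_pu_types` allow-list is a bare run of hex values with no comment on its source or on whether it is meant to be complete, yet the second hunk makes `unpack_parse_unit` return 0 for any parse code not in it. It appears to cover the sequence, auxiliary and padding codes plus the intra picture codes only. If the Dirac inter-picture parse codes (0x09, 0x0C and similar, as far as I recall) are still meant to be handled, those units will now be dropped without a message, so check the list against the parse code table in the spec. I would add a comment above the array such as `/* Parse codes accepted by the parser; anything else is treated as a false sync */`. The function body continues past this hunk.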
@@ -111,17 +115,20 @@ static int unpack_parse_unit(DiracParseUnit *pu, DiracParseContext *pc,
pu->next_pu_offset = AV_RB32(start + 5);
pu->prev_pu_offset = AV_RB32(start + 9);
+ /* Check for valid parse code */
+ for (i = 0; i < 8; i++)
+ if (valid_pu_types[i] == pu->pu_type)
+ break;
+ if (i == 8)
+ return 0;
+
if (pu->pu_type == 0x10 && pu->next_pu_offset == 0)
- pu->next_pu_offset = 13;
+ pu->next_pu_offset = 13; /* The length of a parse info header */
- if (pu->next_pu_offset && pu->next_pu_offset < 13) {
- av_log(NULL, AV_LOG_ERROR, "next_pu_offset %d is invalid\n", pu->next_pu_offset);
+ /* Check if the parse offsets are somewhat sane */
+ if ((pu->next_pu_offset && pu->next_pu_offset < 13) ||
+ (pu->prev_pu_offset && pu->prev_pu_offset < 13))
return 0;
- }
- if (pu->prev_pu_offset && pu->prev_pu_offset < 13) {
- av_log(NULL, AV_LOG_ERROR, "prev_pu_offset %d is invalid\n", pu->prev_pu_offset);
- return 0;
- }
return 1;
}
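Review bot: The lookup loop and the `if (i == 8)` test hard-code the length of `valid_pu_types`. A new entry added without updating both constants is never matched, and a removed entry makes the loop read past the array. Derive the bound from the table: `for (i = 0; i < FF_ARRAY_ELEMS(valid_pu_types); i++)` and `if (i == FF_ARRAY_ELEMS(valid_pu_types))`. Separately, the merged offset check enforces only the 13-byte lower bound, and nothing in the visible lines bounds `next_pu_offset` or `prev_pu_offset` against the buffered data. A short comment that callers must validate the upper bound before following these offsets would help; the lines between the two hunks are not shown, so this may already be covered there.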