From 7bf3d0c44e06860d2ae26dc7b7764d64beabb727 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 23 Sep 2009 09:58:44 +0000
Subject: Check num_units_in_tick/time_scale to be valid and within the range we support. based on a patch by chrome Originally committed as revision 19979 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
libavcodec/h264.c | 4 ++++
1 file changed, 4 insertions(+) (limited to 'libavcodec/h264.c')
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 20ad778f29..31bd4a6af9 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7087,6 +7087,10 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){
 if(sps->timing_info_present_flag){
 sps->num_units_in_tick = get_bits_long(&s->gb, 32);
 sps->time_scale = get_bits_long(&s->gb, 32);
+ if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){
+ av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick inavlid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick);
+ return -1;
+ }
 sps->fixed_frame_rate_flag = get_bits1(&s->gb);
 }
--
cgit v1.2.3
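Review bot: The range check runs only after `sps->num_units_in_tick` and `sps->time_scale` have been written from the bitstream, so on the `return -1` path the SPS still holds the rejected values. Whether that is harmless depends on the caller checking the return value and discarding this SPS, which is not visible here, as the body of decode_vui_parameters starts and continues outside the hunk. Reading both values into locals and storing them only once they pass, as sketched below, removes that dependency. The `x-1 > 0x7FFFFFFEU` comparison rejects 0 and values above 0x7FFFFFFF only through unsigned wraparound, which deserves a one-line comment. If the fields are unsigned 32-bit (their declaration is not shown), `%d` logs the rejected large values as negative numbers, so `%u` is the better specifier, and `inavlid` should read `invalid`.

```c
if(sps->timing_info_present_flag){
    /* validate before storing, so a rejected value never reaches the SPS */
    unsigned num_units_in_tick = get_bits_long(&s->gb, 32);
    unsigned time_scale        = get_bits_long(&s->gb, 32);
    /* unsigned wrap: x-1 rejects 0 and anything above 0x7FFFFFFF */
    if(num_units_in_tick-1 > 0x7FFFFFFEU || time_scale-1 > 0x7FFFFFFEU){
        av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick invalid or unsupported (%u/%u)\n", time_scale, num_units_in_tick);
        return -1;
    }
    sps->num_units_in_tick = num_units_in_tick;
    sps->time_scale        = time_scale;
    /* … unchanged: fixed_frame_rate_flag read … */
```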