From 84df6d6a85e2136be60fd34bb57dd00705a01e28 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 19 Sep 2013 16:26:25 +0200 Subject: [PATCH 1/2] h264_sei: check SEI size Signed-off-by: Anton Khirnov --- libavcodec/h264_sei.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c index 47f9c14d7d..27a2c7689c 100644 --- a/libavcodec/h264_sei.c +++ b/libavcodec/h264_sei.c @@ -190,6 +190,12 @@ int ff_h264_decode_sei(H264Context *h) size += show_bits(&h->gb, 8); while (get_bits(&h->gb, 8) == 255); + if (size > get_bits_left(&h->gb) / 8) { + av_log(h->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n", + type, get_bits_left(&h->gb)); + return AVERROR_INVALIDDATA; + } + switch (type) { case SEI_TYPE_PIC_TIMING: // Picture timing SEI ret = decode_picture_timing(h); From a454dec19aa6666b555deec431bc42eda391d7b6 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 22 Sep 2013 05:42:18 -0500 Subject: [PATCH 2/2] pixdesc: fix NV20* descriptors They were inconsistent (overlapping fields and wrong sizes) Signed-off-by: Anton Khirnov --- libavutil/pixdesc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavutil/pixdesc.c b/libavutil/pixdesc.c index c44bc16cc4..49c9072323 100644 --- a/libavutil/pixdesc.c +++ b/libavutil/pixdesc.c @@ -1410,9 +1410,9 @@ const AVPixFmtDescriptor av_pix_fmt_descriptors[AV_PIX_FMT_NB] = { .log2_chroma_w = 1, .log2_chroma_h = 0, .comp = { - { 0, 0, 1, 0, 9 }, /* Y */ - { 1, 1, 1, 0, 9 }, /* U */ - { 1, 1, 3, 0, 9 }, /* V */ + { 0, 1, 1, 0, 9 }, /* Y */ + { 1, 3, 1, 0, 9 }, /* U */ + { 1, 3, 3, 0, 9 }, /* V */ }, .flags = AV_PIX_FMT_FLAG_PLANAR, }, @@ -1422,9 +1422,9 @@ const AVPixFmtDescriptor av_pix_fmt_descriptors[AV_PIX_FMT_NB] = { .log2_chroma_w = 1, .log2_chroma_h = 0, .comp = { - { 0, 0, 1, 0, 9 }, /* Y */ - { 1, 1, 1, 0, 9 }, /* U */ - { 1, 1, 3, 0, 9 }, /* V */ + { 0, 1, 1, 0, 9 }, /* Y */ + { 1, 3, 1, 0, 9 }, /* U */ + { 1, 3, 3, 0, 9 }, /* V */ }, .flags = AV_PIX_FMT_FLAG_PLANAR | AV_PIX_FMT_FLAG_BE, },