From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 2 May 2025 16:28:46 -0300
Message-ID: <20250502192846.3145-2-jamrial@gmail.com>
In-Reply-To: <20250502192846.3145-1-jamrial@gmail.com>
Subject: [FFmpeg-devel] [PATCH 2/2] avcodec/hevc/hevcdec: move the slice header buffer overread check up in the function

Abort as soon as we're done reading the slice header instead of running extra checks that assume slice data may follow.

Signed-off-by: James Almer
--- libavcodec/hevc/hevcdec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libavcodec/hevc/hevcdec.c b/libavcodec/hevc/hevcdec.c index df186d6194..a7a91769fe 100644 --- a/libavcodec/hevc/hevcdec.c +++ b/libavcodec/hevc/hevcdec.c @@ -1160,6 +1160,12 @@ static int hls_slice_header(SliceHeader *sh, const HEVCContext *s, GetBitContext } sh->data_offset = align_get_bits(gb) - gb->buffer; + if (get_bits_left(gb) < 0) { + av_log(s->avctx, AV_LOG_ERROR, + "Overread slice header by %d bits\n", -get_bits_left(gb)); + return AVERROR_INVALIDDATA; + } + // Inferred parameters sh->slice_qp = 26U + pps->pic_init_qp_minus26 + sh->slice_qp_delta; if (sh->slice_qp > 51 || 
@@ -1180,12 +1186,6 @@ static int hls_slice_header(SliceHeader *sh, const HEVCContext *s, GetBitContext return AVERROR_INVALIDDATA; } - if (get_bits_left(gb) < 0) { - av_log(s->avctx, AV_LOG_ERROR, - "Overread slice header by %d bits\n", -get_bits_left(gb)); - return AVERROR_INVALIDDATA; - } - return 0; } -- 2.49.0
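Review bot: In the first hunk, the relocated get_bits_left(gb) < 0 check still sits after sh->data_offset = align_get_bits(gb) - gb->buffer, so when the header is overread sh->data_offset has already been written from a read position past the end of the buffer before AVERROR_INVALIDDATA is returned. Consider placing the check ahead of the data_offset assignment, or add a comment stating that the contents of sh must not be used when hls_slice_header() fails. As a style point, the check calls get_bits_left(gb) twice; storing the result in a local int would let the comparison and the logged bit count share one value.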