hevc: do generic validation of bitstream

[ffmpeg] / libavcodec / hevc_ps.c

diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c
index fe974bcbf2b58ed4d0c74a77f36b00fc6d486698..163c5e4aab3f8b2cac34c9a80438dc1948d6d8c5 100644 (file)
--- a/libavcodec/hevc_ps.c
+++ b/libavcodec/hevc_ps.c
@@ -452,6 +452,12 @@ int ff_hevc_decode_nal_vps(HEVCContext *s)
     }
     get_bits1(gb); /* vps_extension_flag */
 
+    if (get_bits_left(gb) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Overread VPS by %d bits\n", -get_bits_left(gb));
+        goto err;
+    }
+
     av_buffer_unref(&s->vps_list[vps_id]);
     s->vps_list[vps_id] = vps_buf;
     return 0;
@@ -1050,6 +1056,12 @@ int ff_hevc_decode_nal_sps(HEVCContext *s)
         goto err;
     }
 
+    if (get_bits_left(gb) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Overread SPS by %d bits\n", -get_bits_left(gb));
+        goto err;
+    }
+
     if (s->avctx->debug & FF_DEBUG_BITSTREAM) {
         av_log(s->avctx, AV_LOG_DEBUG,
                "Parsed SPS: id %d; coded wxh: %dx%d; "
@@ -1473,6 +1485,12 @@ int ff_hevc_decode_nal_pps(HEVCContext *s)
         }
     }
 
+    if (get_bits_left(gb) < 0) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Overread PPS by %d bits\n", -get_bits_left(gb));
+        goto err;
+    }
+
     av_buffer_unref(&s->pps_list[pps_id]);
     s->pps_list[pps_id] = pps_buf;