]> git.sesse.net Git - ffmpeg/commitdiff
projects / ffmpeg / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fe0089a)
h264_sei: Fix infinite loop.
authorMichael Niedermayer <michaelni@gmx.at>
Thu, 26 Jan 2012 18:31:01 +0000 (19:31 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Thu, 26 Jan 2012 18:54:38 +0000 (19:54 +0100)
Fixes not yet fixed parts of CVE-2011-3946.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/h264_sei.c patch | blob | history

diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
index 374e53dfcf765c15105d3ea877fd8314116731d4..80d70e513caa31212201dce894a783e9f0512f39 100644 (file)
--- a/libavcodec/h264_sei.c
+++ b/libavcodec/h264_sei.c
@@ -169,11 +169,15 @@ int ff_h264_decode_sei(H264Context *h){
 
         type=0;
         do{
+            if (get_bits_left(&s->gb) < 8)
+                return -1;
             type+= show_bits(&s->gb, 8);
         }while(get_bits(&s->gb, 8) == 255);
 
         size=0;
         do{
+            if (get_bits_left(&s->gb) < 8)
+                return -1;
             size+= show_bits(&s->gb, 8);
         }while(get_bits(&s->gb, 8) == 255);
 
Unnamed repository; edit this file 'description' to name the repository.