From acac7858bd5066cb2e56cc353c8ae54786c1f623 Mon Sep 17 00:00:00 2001
From: Reinhard Tartler
Date: Tue, 9 Feb 2010 19:02:39 +0000
Subject: [PATCH] Check num_units_in_tick/time_scale to be valid and within the range we support. based on a patch by chrome backported r19979 by michael Originally committed as revision 21715 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
---
 libavcodec/h264.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 91f20c9867..3ea61330ec 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7016,6 +7016,10 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){
 if(sps->timing_info_present_flag){
 sps->num_units_in_tick = get_bits_long(&s->gb, 32);
 sps->time_scale = get_bits_long(&s->gb, 32);
+ if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){
+ av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick inavlid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick);
+ return -1;
+ }
 sps->fixed_frame_rate_flag = get_bits1(&s->gb);
 }
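Review bot: The rejected values are already stored in `sps->num_units_in_tick` and `sps->time_scale` by the two `get_bits_long()` lines above the new check, so the `return -1` only protects later code if the caller tests the return value and discards this SPS; the call site is outside the hunk and should be confirmed. If it does not, reading both fields into locals and assigning them to `sps` only after the range check would keep a zero or above-0x7FFFFFFF value from reaching any later use. The `av_log` call formats with `%d`, which (assuming the fields are unsigned 32-bit, as the `0x7FFFFFFEU` comparison suggests) prints the rejected large values as negative numbers; `%u` would be accurate, and the message misspells `invalid` as `inavlid`. A short comment such as `/* x-1 > 0x7FFFFFFE also rejects 0 via unsigned wraparound */` would make the intent of the comparison clear. decode_vui_parameters starts and ends outside the hunk.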