Merge commit '01f9540320279954b2764645ab7136847d53d89f' into release/1.1
authorMichael Niedermayer <michaelni@gmx.at>
Fri, 8 Aug 2014 12:24:54 +0000 (14:24 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 8 Aug 2014 12:24:54 +0000 (14:24 +0200)
* commit '01f9540320279954b2764645ab7136847d53d89f':
  h264_sei: check SEI size

Conflicts:
libavcodec/h264_sei.c

Merged-by: Michael Niedermayer <michaelni@gmx.at>
1  2 
libavcodec/h264_sei.c

@@@ -220,9 -177,12 +220,15 @@@ int ff_h264_decode_sei(H264Context *h)
              size+= show_bits(&s->gb, 8);
          }while(get_bits(&s->gb, 8) == 255);
  
 +        if(s->avctx->debug&FF_DEBUG_STARTCODE)
 +            av_log(h->s.avctx, AV_LOG_DEBUG, "SEI %d len:%d\n", type, size);
 +
+         if (size > get_bits_left(&s->gb) / 8) {
+             av_log(s->avctx, AV_LOG_ERROR, "SEI type %d truncated at %d\n",
+                    type, get_bits_left(&s->gb));
+             return AVERROR_INVALIDDATA;
+         }
          switch(type){
          case SEI_TYPE_PIC_TIMING: // Picture timing SEI
              if(decode_picture_timing(h) < 0)