h264: check for luma and chroma bit depth being equal
authorLuca Barbato <lu_zero@gentoo.org>
Sun, 10 Mar 2013 01:50:52 +0000 (02:50 +0100)
committerLuca Barbato <lu_zero@gentoo.org>
Tue, 12 Mar 2013 19:05:39 +0000 (20:05 +0100)
The decoder assumes a single bit depth for all the planes while
the specification allows different bit depths for luma and chroma.

Avoid the possible problems described in CVE-2013-2277

libavcodec/h264.c

index f3a47fe..da865c6 100644 (file)
@@ -4055,6 +4055,12 @@ static int decode_nal_units(H264Context *h, const uint8_t *buf, int buf_size){
             if(avctx->has_b_frames < 2)
                 avctx->has_b_frames= !s->low_delay;
 
+            if (h->sps.bit_depth_luma != h->sps.bit_depth_chroma) {
+                av_log_missing_feature(s->avctx,
+                    "Different bit depth between chroma and luma", 1);
+                return AVERROR_PATCHWELCOME;
+            }
+
             if (avctx->bits_per_raw_sample != h->sps.bit_depth_luma ||
                 h->cur_chroma_format_idc != h->sps.chroma_format_idc) {
                 if (h->sps.bit_depth_luma >= 8 && h->sps.bit_depth_luma <= 10) {