Check num_units_in_tick/time_scale to be valid and within the range we support.
authorReinhard Tartler <siretart@tauware.de>
Tue, 9 Feb 2010 19:02:39 +0000 (19:02 +0000)
committerReinhard Tartler <siretart@tauware.de>
Tue, 9 Feb 2010 19:02:39 +0000 (19:02 +0000)
based on a patch by chrome

backported r19979 by michael

Originally committed as revision 21715 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5

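--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7016,6 +7016,10 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){
     if(sps->timing_info_present_flag){
         sps->num_units_in_tick = get_bits_long(&s->gb, 32);
         sps->time_scale = get_bits_long(&s->gb, 32);
+        if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){
+            av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick inavlid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick);
+            return -1;
+        }
         sps->fixed_frame_rate_flag = get_bits1(&s->gb);
     }
 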
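Review bot: The rejected values are already stored in `sps->num_units_in_tick` and `sps->time_scale` when the new check returns -1, so any caller that ignores the return value or keeps the partially parsed SPS would still see a zero or out-of-range time base taken from the bitstream. The callers are not visible here (decode_vui_parameters starts and ends outside the hunk), so it is worth either reading both fields into locals and assigning only after validation, or adding `sps->timing_info_present_flag = 0;` before `return -1;`. The range test relies on unsigned wraparound and deserves a comment such as `/* x-1 > 0x7FFFFFFE rejects 0 (wraps to 0xFFFFFFFF) and anything above INT32_MAX */`, which also records that the fields must remain unsigned 32-bit for the check to hold. In the av_log call, `%d` prints rejected values above 0x7FFFFFFF as negative numbers, assuming the fields are unsigned as the `U` suffix suggests; `%u` would show the offending input as read, and "inavlid" should be "invalid".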