avcodec/hevcdec: Check beta and tc offset in hls_slice_header()
authorMichael Niedermayer <michael@niedermayer.cc>
Tue, 20 Jun 2017 12:32:50 +0000 (14:32 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Wed, 21 Jun 2017 00:25:23 +0000 (02:25 +0200)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/hevcdec.c

index 3dc3669..0c47802 100644 (file)
@@ -726,8 +726,17 @@ static int hls_slice_header(HEVCContext *s)
             if (deblocking_filter_override_flag) {
                 sh->disable_deblocking_filter_flag = get_bits1(gb);
                 if (!sh->disable_deblocking_filter_flag) {
-                    sh->beta_offset = get_se_golomb(gb) * 2;
-                    sh->tc_offset   = get_se_golomb(gb) * 2;
+                    int beta_offset_div2 = get_se_golomb(gb);
+                    int tc_offset_div2   = get_se_golomb(gb) ;
+                    if (beta_offset_div2 < -6 || beta_offset_div2 > 6 ||
+                        tc_offset_div2   < -6 || tc_offset_div2   > 6) {
+                        av_log(s->avctx, AV_LOG_ERROR,
+                            "Invalid deblock filter offsets: %d, %d\n",
+                            beta_offset_div2, tc_offset_div2);
+                        return AVERROR_INVALIDDATA;
+                    }
+                    sh->beta_offset = beta_offset_div2 * 2;
+                    sh->tc_offset   =   tc_offset_div2 * 2;
                 }
             } else {
                 sh->disable_deblocking_filter_flag = s->ps.pps->disable_dbf;