Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / b48b7b4109868a8c0ddda090992e936e821c7ea6 / . / import-layers / meta-openembedded / meta-multimedia / recipes-multimedia / gstreamer-0.10 / gst-ffmpeg-0.10.13 / 0001-h264_sei-Fix-infinite-loop.patch
blob: 1e62b503604935fdb902f0f868bd7ac656e99dae [file] [log] [blame]
Patrick Williamsb48b7b42016-08-17 15:04:38 -0500[diff] [blame^]1gst-ffmpeg: h264_sei: Fix infinite loop.
2
3Fixsot yet fixed parts of CVE-2011-3946.
4
5Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
6Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
7
8Upstream-Status: Backport
9
10Signed-off-by: Yue Tao <yue.tao@windriver.com>
11
12---
13 libavcodec/h264_sei.c | 4 ++++
14 1 files changed, 4 insertions(+), 0 deletions(-)
15
16
17diff --git a/libavcodec/h264_sei.c b/libavcodec/h264_sei.c
18index 374e53d..80d70e5 100644
19--- a/gst-libs/ext/libav/libavcodec/h264_sei.c
20+++ b/gst-libs/ext/libav/libavcodec/h264_sei.c
21@@ -169,11 +169,15 @@ int ff_h264_decode_sei(H264Context *h){
22
23 type=0;
24 do{
25+ if (get_bits_left(&s->gb) < 8)
26+ return -1;
27 type+= show_bits(&s->gb, 8);
28 }while(get_bits(&s->gb, 8) == 255);
29
30 size=0;
31 do{
32+ if (get_bits_left(&s->gb) < 8)
33+ return -1;
34 size+= show_bits(&s->gb, 8);
35 }while(get_bits(&s->gb, 8) == 255);
36
37--
381.7.5.4
39