From d1f953d2c2cb4148363aa026d6a85b8b68159e51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Wed, 23 Nov 2016 10:52:05 +0200
Subject: [PATCH 1/4] h265parse: Ensure codec_data has the required size when
 reading number of NAL arrays
https://bugzilla.gnome.org/show_bug.cgi?id=774896
---
 gst/videoparsers/gsth265parse.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/gst/videoparsers/gsth265parse.c b/gst/videoparsers/gsth265parse.c
index 26e7c48..d8e32e6 100644
--- a/gst/videoparsers/gsth265parse.c
+++ b/gst/videoparsers/gsth265parse.c
@@ -2018,6 +2018,7 @@ gst_h265_parse_set_caps (GstBaseParse * parse, GstCaps * caps)
       (value = gst_structure_get_value (str, "codec_data"))) {
     GstMapInfo map;
     guint8 *data;
+    guint num_nal_arrays;
 
     GST_DEBUG_OBJECT (h265parse, "have packetized h265");
     /* make note for optional split processing */
@@ -2046,8 +2047,15 @@ gst_h265_parse_set_caps (GstBaseParse * parse, GstCaps * caps)
     GST_DEBUG_OBJECT (h265parse, "nal length size %u",
         h265parse->nal_length_size);
 
+    num_nal_arrays = data[22];
     off = 23;
-    for (i = 0; i < data[22]; i++) {
+
+    for (i = 0; i < num_nal_arrays; i++) {
+      if (off + 3 >= size) {
+        gst_buffer_unmap (codec_data, &map);
+        goto hvcc_too_small;
+      }
+
       num_nals = GST_READ_UINT16_BE (data + off + 1);
       for (j = 0; j < num_nals; j++) {
         parseres = gst_h265_parser_identify_nalu_hevc (h265parse->nalparser,
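Review bot: The new guard `if (off + 3 >= size)` is one byte stricter than the read it protects: `GST_READ_UINT16_BE (data + off + 1)` touches only `data[off + 1]` and `data[off + 2]`, so a codec_data whose final array header ends exactly at `size` (an array declaring zero NAL units) is rejected as too small. If that rejection is not intended, `if (off + 3 > size) {` is the exact bound; either way a comment such as `/* array header: 1 byte type + 2 bytes NAL count */` would explain the constant 3. The `data[22]` read just above the loop and the per-NAL reads in the inner loop, which continues past this hunk, depend on checks that are not visible here, so confirm that `size >= 23` is enforced earlier and that `gst_h265_parser_identify_nalu_hevc` bounds each NAL against `size` as `off` advances.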
-- 
2.9.3