h265parse: Ensure codec_data has the required size when reading number of NAL arrays

https://bugzilla.gnome.org/show_bug.cgi?id=774896
Sebastian Dröge 2016-11-23 10:52:05 +02:00
parent 1dbfef93d6
commit 43736e5c37


@ -2016,6 +2016,7 @@ gst_h265_parse_set_caps (GstBaseParse * parse, GstCaps * caps)
(value = gst_structure_get_value (str, "codec_data"))) { (value = gst_structure_get_value (str, "codec_data"))) {
GstMapInfo map; GstMapInfo map;
guint8 *data; guint8 *data;
guint num_nal_arrays;
GST_DEBUG_OBJECT (h265parse, "have packetized h265"); GST_DEBUG_OBJECT (h265parse, "have packetized h265");
/* make note for optional split processing */ /* make note for optional split processing */
@ -2044,8 +2045,15 @@ gst_h265_parse_set_caps (GstBaseParse * parse, GstCaps * caps)
GST_DEBUG_OBJECT (h265parse, "nal length size %u", GST_DEBUG_OBJECT (h265parse, "nal length size %u",
h265parse->nal_length_size); h265parse->nal_length_size);
num_nal_arrays = data[22];
off = 23; off = 23;
for (i = 0; i < data[22]; i++) {
for (i = 0; i < num_nal_arrays; i++) {
if (off + 3 >= size) {
gst_buffer_unmap (codec_data, &map);
goto hvcc_too_small;
}
num_nals = GST_READ_UINT16_BE (data + off + 1); num_nals = GST_READ_UINT16_BE (data + off + 1);
off += 3; off += 3;
for (j = 0; j < num_nals; j++) { for (j = 0; j < num_nals; j++) {
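Review bot: The new guard `if (off + 3 >= size)` in the outer loop is one byte stricter than the read it protects: `GST_READ_UINT16_BE (data + off + 1)` touches only `data[off + 1]` and `data[off + 2]`, so an array header that ends exactly at the end of codec_data (off + 3 == size, which is fine when num_nals is 0) is rejected as too small. `if (off + 3 > size) {` would still keep every read in bounds. The inner `for (j = 0; j < num_nals; j++)` loop continues outside this hunk, so it cannot be confirmed from here that each per-NAL length read and payload is checked against `size` the same way; `num_nals` and those lengths come straight from codec_data, so that loop needs an equivalent check before each read. A short comment on the guard, e.g. `/* 3-byte array header: 1 byte NAL type, 2 bytes NAL count */`, would explain the constant.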