mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-11-28 12:41:05 +00:00
Code Issues 1 Projects Releases Wiki Activity

libs: decoder: h265: untaint loop control variable

Browse source 
Coverity scan bug:

Scalars (for example, integers) are not properly
bounds-checked (sanitized) before being used as array or pointer
indexes, loop boundaries, or function arguments are considered as
tainted.

In this case, num_nals were not checked before used as loop control.
This commit is contained in:
Víctor Manuel Jáquez Leal 2017-08-08 15:38:16 +02:00
parent 9eddf6c004
commit d879664a0a
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
gst-libs/gst/vaapi/gstvaapidecoder_h265.c
View file

@ -2664,7 +2664,17 @@ gst_vaapi_decoder_h265_decode_codec_data (GstVaapiDecoder *
num_nal_arrays = buf[22]; num_nal_arrays = buf[22];
ofs = 23; ofs = 23;
for (i = 0; i < num_nal_arrays; i++) { for (i = 0; i < num_nal_arrays; i++) {
num_nals = GST_READ_UINT16_BE (buf + ofs + 1); const guchar *data;
if (ofs + 1 > buf_size)
return GST_VAAPI_DECODER_STATUS_ERROR_NO_DATA;
data = buf + ofs + 1;
if (!data)
return GST_VAAPI_DECODER_STATUS_ERROR_NO_DATA;
num_nals = GST_READ_UINT16_BE (data);
/* the max number of nals is GST_H265_MAX_PPS_COUNT (64) */
if (num_nals > 64)
return GST_VAAPI_DECODER_STATUS_ERROR_BITSTREAM_PARSER;
ofs += 3; ofs += 3;
for (j = 0; j < num_nals; j++) { for (j = 0; j < num_nals; j++) {