Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
There is a integer overflow in media_tools/av_parsers.c:6568, function hevc_parse_slice_segment. Below code: ` pps_id = gf_bs_read_ue_log(bs, "pps_id"); if (pps_id >= 64) return -1;
pps = &hevc->pps[pps_id]; sps = &hevc->sps[pps->sps_id]; si->sps = sps; si->pps = pps;
` However, function may return a negative number to pps_id, which smaller than 64. Results a crash in followed execution.
In command Line: gpac -info bug4
In gdb:
The crafted file is in the attached zip: bug4.zip
The text was updated successfully, but these errors were encountered:
add safety in avc/hevc/vvc sps/pps/vps ID check - cf #1720 #1721 #1722
51cdb67
could not reproduce crash with latest master, but added safety checks. Thanks for the report
Sorry, something went wrong.
No branches or pull requests
There is a integer overflow in media_tools/av_parsers.c:6568, function hevc_parse_slice_segment.
Below code:
`
pps_id = gf_bs_read_ue_log(bs, "pps_id");
if (pps_id >= 64)
return -1;
`
However, function may return a negative number to pps_id, which smaller than 64.
Results a crash in followed execution.
In command Line:

gpac -info bug4
In gdb:

The crafted file is in the attached zip:
bug4.zip
The text was updated successfully, but these errors were encountered: