From 9f9440bd8122cc8798139c9370db0873a24ae14b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Nov 2014 02:31:46 +0100 Subject: [PATCH] avcodec/hevc_ps: Check return code from pps_range_extensions() Fixes out of array read Fixes: asan_heap-oob_177e222_885_cov_1532528832_MERGE_D_TI_3.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/hevc_ps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 4e1c56163d..0d6ede2384 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1375,7 +1375,8 @@ int ff_hevc_decode_nal_pps(HEVCContext *s) int pps_range_extensions_flag = get_bits1(gb); /* int pps_extension_7bits = */ get_bits(gb, 7); if (sps->ptl.general_ptl.profile_idc == FF_PROFILE_HEVC_REXT && pps_range_extensions_flag) { - pps_range_extensions(s, pps, sps); + if ((ret = pps_range_extensions(s, pps, sps)) < 0) + goto err; } }