From 0c51b26729996bdf2acbf4fd34b74b4d14d92a33 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Thu, 27 Nov 2014 02:31:46 +0100 Subject: [PATCH] avcodec/hevc_ps: Check return code from pps_range_extensions() Fixes out of array read Fixes: asan_heap-oob_177e222_885_cov_1532528832_MERGE_D_TI_3.bit Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer (cherry picked from commit 9f9440bd8122cc8798139c9370db0873a24ae14b) Conflicts: libavcodec/hevc_ps.c --- libavcodec/hevc_ps.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavcodec/hevc_ps.c b/libavcodec/hevc_ps.c index 98d987dcf4..357ff75af4 100644 --- a/libavcodec/hevc_ps.c +++ b/libavcodec/hevc_ps.c @@ -1289,7 +1289,8 @@ int ff_hevc_decode_nal_pps(HEVCContext *s) if (sps->ptl.general_ptl.profile_idc == FF_PROFILE_HEVC_REXT && pps_range_extensions_flag) { av_log(s->avctx, AV_LOG_ERROR, "PPS extension flag is partially implemented.\n"); - pps_range_extensions(s, pps, sps); + if ((ret = pps_range_extensions(s, pps, sps)) < 0) + goto err; } }