[Bug 722081] h265parse: Fix segfault when parsing VPS

[GStreamer (bugzilla.gnome.org)]

https://bugzilla.gnome.org/show_bug.cgi?id=722081
  GStreamer | gst-plugins-bad | git

Sebastian Dröge (slomo) <slomo> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #266224|none                        |needs-work
             status|                            |

--- Comment #4 from Sebastian Dröge (slomo) <slomo at coaxion.net> 2014-01-14 09:24:47 UTC ---
Review of attachment 266224:
 --> (https://bugzilla.gnome.org/review?bug=722081&attachment=266224)

::: gst-libs/gst/codecparsers/gsth265parser.c
@@ -1716,3 @@
   /* setting default values if vps->sub_layer_ordering_info_present_flag is
zero */
   if (!vps->sub_layer_ordering_info_present_flag) {
-    for (i = 0; i <= (vps->max_sub_layers_minus1 - 1); i++) {

This doesn't look right. Should you just set all vps->max_sub_layers_minus1 of
these instead of all possible? Maybe just keep the current code and check for
vps->max_sub_layers_minus1 == 0 before going into the loop?

::: gst-libs/gst/codecparsers/gsth265parser.h
@@ +33,3 @@
 G_BEGIN_DECLS

+#define GST_H265_MAX_SUB_LAYERS    7

Are you sure 7 is correct? vps->max_sub_layers_minus1 is 3 bits, so can hold 8
values. And the vps->max_sub_layers_minus1 -th element of the array is
accessed, so array[8] in the worst case, needing a 9 element large array.

Does the spec specify something about this here?

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.