decoder/stateless/h264: perform index range check
We might get an out-of-bounds index with an invalid stream - check that
the index is valid before addressing.

This issue has been revealed by fuzzing.
Gnurou authored and rosetta-jpn committed Oct 17, 2024
1 parent 9979b2b commit 6e5565c
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/decoder/stateless/h264.rs
Expand Up @@ -607,6 +607,9 @@ where
.find_short_term_with_pic_num(pic_num_lx)
.with_context(|| format!("No ShortTerm reference found with pic_num {}", pic_num_lx))?;

if *ref_idx_lx >= ref_pic_list_x.len() {
anyhow::bail!("invalid ref_idx_lx index");
}
ref_pic_list_x.insert(*ref_idx_lx, handle);
*ref_idx_lx += 1;

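Review bot: the `>=` in `if *ref_idx_lx >= ref_pic_list_x.len()` also rejects the case `*ref_idx_lx == ref_pic_list_x.len()`, which the following `ref_pic_list_x.insert(*ref_idx_lx, handle)` would accept as an append if `ref_pic_list_x` is a `Vec` (its `insert` panics only when the index is greater than the length). If the stricter bound is intended, for instance because the list is expected to be fully sized before this point, a one-line comment stating that invariant above the check would make it clear; otherwise `>` is the comparison that matches the panic condition and avoids rejecting a stream that the insert could handle.
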
Expand Down Expand Up @@ -651,6 +654,9 @@ where
)
})?;

if *ref_idx_lx >= ref_pic_list_x.len() {
anyhow::bail!("invalid ref_idx_lx index");
}
ref_pic_list_x.insert(*ref_idx_lx, handle);
*ref_idx_lx += 1;

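Review bot: the check added here is a verbatim copy of the one in the first hunk, and its message "invalid ref_idx_lx index" reports neither the index nor the list length, unlike the `with_context` error in the first hunk, which formats the offending `pic_num_lx`. Consider moving the check into one small helper used by both sites and including the values, for example `anyhow::bail!("invalid ref_idx_lx {} for list of length {}", *ref_idx_lx, ref_pic_list_x.len());`. Since the commit message says the issue was found by fuzzing, adding the offending stream as a regression test alongside this change would keep both call sites covered.
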