shithub: dav1d

Info • Files • Log • Branches

ref: 50e876c60efd251ab7a5af36b0d39572dcce627c
parent: 8c2a89768692b0b1a7f9a1a0985d99319bd2918d
author: Wan-Teh Chang <wtc@google.com>
date: Tue Sep 15 17:55:14 EDT 2020

Ban op->idc that may drop all layer-specific OBUs

If c->operating_point_idc is nonzero and either bits 0-7 or bits 8-11 in
it are all 0s, it will cause dav1d_parse_obus() to drop all
layer-specific OBUs. Prohibit any op->idc with such properties because
it could be selected as c->operating_point_idc.

--- a/src/obu.c

+++ b/src/obu.c

@@ -112,6 +112,8 @@

             struct Dav1dSequenceHeaderOperatingPoint *const op =

                 &hdr->operating_points[i];

             op->idc = dav1d_get_bits(gb, 12);

+            if (op->idc && (!(op->idc & 0xff) || !(op->idc & 0xf00)))

+                goto error;

             op->major_level = 2 + dav1d_get_bits(gb, 3);

             op->minor_level = dav1d_get_bits(gb, 2);

             op->tier = op->major_level > 3 ? dav1d_get_bits(gb, 1) : 0;