# HG changeset patch # User michael # Date 1253699924 0 # Node ID c2fc56bdee95829d9a6887f066946dc403f8dd26 # Parent f397ad0fa67d056db0ca70774d8d2828e3fce0e9 Check num_units_in_tick/time_scale to be valid and within the range we support. based on a patch by chrome diff -r f397ad0fa67d -r c2fc56bdee95 h264.c --- a/h264.c Wed Sep 23 09:03:26 2009 +0000 +++ b/h264.c Wed Sep 23 09:58:44 2009 +0000 @@ -7087,6 +7087,10 @@ if(sps->timing_info_present_flag){ sps->num_units_in_tick = get_bits_long(&s->gb, 32); sps->time_scale = get_bits_long(&s->gb, 32); + if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){ + av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick inavlid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick); + return -1; + } sps->fixed_frame_rate_flag = get_bits1(&s->gb); }
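Review bot: the added condition `sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU` rejects a zero value only because the `-1` wraps to a large unsigned value in the comparison, which is easy to misread as an off-by-one. A one-line comment stating the accepted range (1 through 0x7FFFFFFF), or an explicit "zero or greater than 0x7FFFFFFF" test per field, would make the intent clear to the next reader. In the `av_log` call, the message spells "inavlid" for "invalid". It also uses `%d` for fields that reach this branch only when they are zero or above 0x7FFFFFFF, so the large values will be logged as negative numbers; `%u` would report what was actually read from the bitstream.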