[FFmpeg-cvslog] rv30: check block type validity
Janne Grunau
git at videolan.org
Wed Feb 15 02:14:06 CET 2012
ffmpeg | branch: master | Janne Grunau <janne-libav at jannau.net> | Tue Feb 14 15:02:30 2012 +0100| [18d1d5886bb78e4d0e11a2a0193fda765e05805d] | committer: Janne Grunau
rv30: check block type validity
Prevents crashes with the fuzzed samples from bugs 88, 89 and 125 after
"golomb: avoid infinite loop on all-zero input".
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=18d1d5886bb78e4d0e11a2a0193fda765e05805d
---
libavcodec/rv30.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/rv30.c b/libavcodec/rv30.c
index 4828e98..1bb223c 100644
--- a/libavcodec/rv30.c
+++ b/libavcodec/rv30.c
@@ -103,7 +103,7 @@ static int rv30_decode_mb_info(RV34DecContext *r)
GetBitContext *gb = &s->gb;
int code = svq3_get_ue_golomb(gb);
- if(code > 11){
+ if (code < 0 || code > 11) {
av_log(s->avctx, AV_LOG_ERROR, "Incorrect MB type code\n");
return -1;
}
More information about the ffmpeg-cvslog
mailing list