[FFmpeg-cvslog] eatgv: check vector_bits

Michael Niedermayer git at videolan.org
Sun May 6 22:19:01 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Apr 15 13:29:50 2012 +0200| [71a3c59ed73f2cad401d192278d1fcab9a129606] | committer: Kostya Shishkov

eatgv: check vector_bits

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Kostya Shishkov <kostya.shishkov at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=71a3c59ed73f2cad401d192278d1fcab9a129606
---

 libavcodec/eatgv.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/libavcodec/eatgv.c b/libavcodec/eatgv.c
index 9484ff1..60058b2 100644
--- a/libavcodec/eatgv.c
+++ b/libavcodec/eatgv.c
@@ -154,6 +154,12 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b
     vector_bits       = AV_RL16(&buf[6]);
     buf += 12;
 
+    if (vector_bits > MIN_CACHE_BITS || !vector_bits) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Invalid value for motion vector bits: %d\n", vector_bits);
+        return AVERROR_INVALIDDATA;
+    }
+
     /* allocate codebook buffers as necessary */
     if (num_mvs > s->num_mvs) {
         s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int));



More information about the ffmpeg-cvslog mailing list