[FFmpeg-cvslog] avcodec/ffv1dec: Check for 0 quant tables

Michael Niedermayer git at videolan.org
Thu Nov 26 17:54:59 CET 2015


ffmpeg | branch: release/2.5 | Michael Niedermayer <michael at niedermayer.cc> | Thu Nov  5 00:36:59 2015 +0100| [86018daa419db0721ede248328492292f9513c65] | committer: Michael Niedermayer

avcodec/ffv1dec: Check for 0 quant tables

Fixes assertion failure
Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5745cf799a4389bc5d14f2b4daf32fe4631c50bc)

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86018daa419db0721ede248328492292f9513c65
---

 libavcodec/ffv1dec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 4d1c324..d8f535a 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -567,7 +567,7 @@ static int read_extra_header(FFV1Context *f)
     }
 
     f->quant_table_count = get_symbol(c, state, 0);
-    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES)
+    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count)
         return AVERROR_INVALIDDATA;
 
     for (i = 0; i < f->quant_table_count; i++) {



More information about the ffmpeg-cvslog mailing list