[FFmpeg-devel] [PATCH] check for invalid sym values in indeo decoder (issue 2523)

Daniel Kang daniel.d.kang
Tue Jan 11 21:26:19 CET 2011


On Tue, Jan 11, 2011 at 11:24 AM, Michael Niedermayer <michaelni at gmx.at>wrote:

>  On Sun, Jan 09, 2011 at 07:18:07PM -0500, Daniel Kang wrote:
> > ffmpeg does not check for invalid sym values (i.e. < 0 or >= 256). With
> > corrupted video, this may cause ffmpeg to crash. The patch attached adds
> > a check for this.
>
> >  ivi_common.c |    8 ++++++--
> >  1 file changed, 6 insertions(+), 2 deletions(-)
> > 1b7d07ddde38356c61ad50bb64640905b8300613  indeo_invalid_sym_check.diff
> > From 43c462f6a4920b82aeb0a22bb6f9c334b9614f96 Mon Sep 17 00:00:00 2001
> > From: Daniel Kang <daniel.d.kang at gmail.com>
> > Date: Sun, 9 Jan 2011 18:50:28 -0500
> > Subject: [PATCH] Check for invalid indeo sym value
> >
> > ---
> >  libavcodec/ivi_common.c |    8 ++++++--
> >  1 files changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/ivi_common.c b/libavcodec/ivi_common.c
> > index b158458..81e01a7 100644
> > --- a/libavcodec/ivi_common.c
> > +++ b/libavcodec/ivi_common.c
> > @@ -404,8 +404,12 @@ int ff_ivi_decode_blocks(GetBitContext *gb,
> IVIBandDesc *band, IVITile *tile)
> >                          hi  = get_vlc2(gb, band->blk_vlc.tab->table,
> IVI_VLC_BITS, 1);
> >                          val = IVI_TOSIGNED((hi << 6) | lo); /* merge
> them and convert into signed val */
> >                      } else {
> > -                        run = rvmap->runtab[sym];
> > -                        val = rvmap->valtab[sym];
> > +                        if (sym < 0 || sym >= 256)
> > +                            av_log(NULL, AV_LOG_ERROR, "Invalid sym
> encountered.\n");
>
> this is a error condition and continuing with undefined values makes no
> sense
> also i suspect only one of teh 2 checks is needed


I have updated the message and return an error. The invalid sym in this
case are -1. I am not sure if the other check is needed, as the sample
file does not encounter values greater than 256.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: indeo_invalid_sym_check.diff
Type: application/octet-stream
Size: 1384 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20110111/b80f67a5/attachment.obj>



More information about the ffmpeg-devel mailing list