[FFmpeg-devel] [PATCH] mss1: check number of free colours
Paul B Mahol
onemda at gmail.com
Tue Jun 26 00:48:31 CEST 2012
Prevents out of array write.
Signed-off-by: Paul B Mahol <onemda at gmail.com>
---
libavcodec/mss1.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/libavcodec/mss1.c b/libavcodec/mss1.c
index b9e3233..dfddbd9 100644
--- a/libavcodec/mss1.c
+++ b/libavcodec/mss1.c
@@ -783,6 +783,10 @@ static av_cold int mss1_decode_init(AVCodecContext *avctx)
av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d\n",
AV_RB32(avctx->extradata + 4), AV_RB32(avctx->extradata + 8));
c->free_colours = AV_RB32(avctx->extradata + 48);
+ if (c->free_colours < 0 || c->free_colours > 256) {
+ av_log(avctx, AV_LOG_ERROR, "Invalid free colours %d\n", c->free_colours);
+ return AVERROR_INVALIDDATA;
+ }
av_log(avctx, AV_LOG_DEBUG, "%d free colour(s)\n", c->free_colours);
avctx->coded_width = AV_RB32(avctx->extradata + 20);
avctx->coded_height = AV_RB32(avctx->extradata + 24);
--
1.7.7
More information about the ffmpeg-devel
mailing list