[FFmpeg-devel] [libav-devel] [PATCH] mpeg4videodec: only allow a positive length
Vittorio Giovara
vittorio.giovara at gmail.com
Wed Apr 22 18:51:47 CEST 2015
On Wed, Apr 22, 2015 at 3:32 PM, Andreas Cadhalpun
<andreas.cadhalpun at googlemail.com> wrote:
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/mpeg4videodec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
> index 8449392..9bf33dd 100644
> --- a/libavcodec/mpeg4videodec.c
> +++ b/libavcodec/mpeg4videodec.c
> @@ -189,14 +189,14 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g
> int x = 0, y = 0;
>
> length = get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3);
> - if (length)
> + if (length > 0)
> x = get_xbits(gb, length);
>
> if (!(ctx->divx_version == 500 && ctx->divx_build == 413))
> check_marker(gb, "before sprite_trajectory");
>
> length = get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3);
> - if (length)
> + if (length > 0)
> y = get_xbits(gb, length);
>
> check_marker(gb, "after sprite_trajectory");
> --
Not very familiar with the code, but shouldn't you error out in this case?
--
Vittorio
More information about the ffmpeg-devel
mailing list