[FFmpeg-devel] [PATCH] avcodec/webp: validate the distance prefix code
Michael Niedermayer
michaelni at gmx.at
Tue Mar 3 00:38:45 CET 2015
On Mon, Mar 02, 2015 at 08:58:45PM +0100, Andreas Cadhalpun wrote:
> Hi,
>
> according to the WebP Lossless Bitstream Specification [1] the
> highest allowed value for the prefix code is 39. Attached patch adds
> a check for this to avoid crashes decoding broken files.
>
> Best regards,
> Andreas
>
>
> 1: https://developers.google.com/speed/webp/docs/webp_lossless_bitstream_specification#4_image_data
>
> webp.c | 5 +++++
> 1 file changed, 5 insertions(+)
> 43adf54378f715b26fd69e5e9e7919707e51ae66 0001-avcodec-webp-validate-the-distance-prefix-code.patch
> From a33b82acc6ab16e1aafaa44d3258d5177dff2cb0 Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Mon, 2 Mar 2015 20:47:57 +0100
> Subject: [PATCH] avcodec/webp: validate the distance prefix code
>
> According to the WebP Lossless Bitstream Specification the highest
> allowed value for a prefix code is 39.
>
> If prefix_code is too large, the calculated extra_bits has an invalid
> value and triggers an assertion in get_bits.
applied
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150303/26e13ea8/attachment.asc>
More information about the ffmpeg-devel
mailing list