[FFmpeg-devel] [PATCH] diracdec: check that block length is large enough
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Tue May 5 22:39:50 CEST 2015
In init_planes p->xblen and p->yblen are set to:
p->xblen = s->plane[0].xblen >> s->chroma_x_shift;
p->yblen = s->plane[0].yblen >> s->chroma_y_shift;
These are later used as block_w and block_h arguments of
s->vdsp.emulated_edge_mc. If one of them is 0 it triggers an av_assert2
in emulated_edge_mc:
av_assert2(start_x < end_x && block_w > 0);
av_assert2(start_y < end_y && block_h > 0);
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavcodec/diracdec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index adbe331..98f2ea9 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -902,6 +902,10 @@ static int dirac_unpack_prediction_parameters(DiracContext *s)
/*[DIRAC_STD] 11.2.4 motion_data_dimensions()
Calculated in function dirac_unpack_block_motion_data */
+ if (s->plane[0].xblen >> s->chroma_x_shift <= 0 || s->plane[0].yblen >> s->chroma_y_shift <= 0) {
+ av_log(s->avctx, AV_LOG_ERROR, "Block length too small\n");
+ return -1;
+ }
if (!s->plane[0].xbsep || !s->plane[0].ybsep || s->plane[0].xbsep < s->plane[0].xblen/2 || s->plane[0].ybsep < s->plane[0].yblen/2) {
av_log(s->avctx, AV_LOG_ERROR, "Block separation too small\n");
return -1;
--
2.1.4
More information about the ffmpeg-devel
mailing list