[FFmpeg-devel] [PATCH] escape124: reject codebook size 0

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Nov 9 01:42:16 EET 2016


It causes a cb_depth of 32, leading to assertion failures in get_bits.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
 libavcodec/escape124.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c
index b872b3a..c3174ce 100644
--- a/libavcodec/escape124.c
+++ b/libavcodec/escape124.c
@@ -249,6 +249,10 @@ static int escape124_decode_frame(AVCodecContext *avctx,
                 // This codebook can be cut off at places other than
                 // powers of 2, leaving some of the entries undefined.
                 cb_size = get_bits_long(&gb, 20);
+                if (!cb_size) {
+                    av_log(avctx, AV_LOG_ERROR, "Invalid codebook size 0.\n");
+                    return AVERROR_INVALIDDATA;
+                }
                 cb_depth = av_log2(cb_size - 1) + 1;
             } else {
                 cb_depth = get_bits(&gb, 4);
-- 
2.10.2


More information about the ffmpeg-devel mailing list