[FFmpeg-devel] [PATCH 1/2] avcodec/anm: Check extradata length before allocating frame
Peter Ross
pross at xvid.org
Sun May 31 05:44:00 EEST 2020
On Sat, May 30, 2020 at 06:32:59AM +0200, Andreas Rheinhardt wrote:
> Then one doesn't need to free the frame in case the length turns out to
> be insufficient.
>
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
> libavcodec/anm.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/libavcodec/anm.c b/libavcodec/anm.c
> index cd1fcc5998..e9b19d880d 100644
> --- a/libavcodec/anm.c
> +++ b/libavcodec/anm.c
> @@ -40,6 +40,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
> AnmContext *s = avctx->priv_data;
> int i;
>
> + if (avctx->extradata_size < 16 * 8 + 4 * 256)
> + return AVERROR_INVALIDDATA;
> +
> avctx->pix_fmt = AV_PIX_FMT_PAL8;
>
> s->frame = av_frame_alloc();
> @@ -47,11 +50,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
> return AVERROR(ENOMEM);
>
> bytestream2_init(&s->gb, avctx->extradata, avctx->extradata_size);
> - if (bytestream2_get_bytes_left(&s->gb) < 16 * 8 + 4 * 256) {
> - av_frame_free(&s->frame);
> - return AVERROR_INVALIDDATA;
> - }
> -
> bytestream2_skipu(&s->gb, 16 * 8);
> for (i = 0; i < 256; i++)
> s->palette[i] = (0xFFU << 24) | bytestream2_get_le32u(&s->gb);
> --
> 2.20.1
ok.
-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200531/3d1173ad/attachment.sig>
More information about the ffmpeg-devel
mailing list