Message ID | 20181014175656.27005-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | c27c7b49dc00a955779ad4b6801a993da5a962de |
Headers | show |
On 10/14/2018 2:56 PM, Michael Niedermayer wrote: > Fixes: out of array read > Fixes: SIGSEGV_get_obu_bit_length_av1_parse > > Found-by: keval shah <skeval65@gmail.com> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/av1_parse.h | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h > index 276af33ba9..864308f81d 100644 > --- a/libavcodec/av1_parse.h > +++ b/libavcodec/av1_parse.h > @@ -134,8 +134,8 @@ static inline int parse_obu_header(const uint8_t *buf, int buf_size, > > size = *obu_size + *start_pos; > > - if (size > INT_MAX) > - return AVERROR(ERANGE); > + if (size > buf_size) > + return AVERROR_INVALIDDATA; > > return size; > } LGTM, thanks.
diff --git a/libavcodec/av1_parse.h b/libavcodec/av1_parse.h index 276af33ba9..864308f81d 100644 --- a/libavcodec/av1_parse.h +++ b/libavcodec/av1_parse.h @@ -134,8 +134,8 @@ static inline int parse_obu_header(const uint8_t *buf, int buf_size, size = *obu_size + *start_pos; - if (size > INT_MAX) - return AVERROR(ERANGE); + if (size > buf_size) + return AVERROR_INVALIDDATA; return size; }
Fixes: out of array read Fixes: SIGSEGV_get_obu_bit_length_av1_parse Found-by: keval shah <skeval65@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/av1_parse.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)