Message ID | 97079311-c64b-2019-e000-4f9b5aab19fa@googlemail.com |
---|---|
State | Accepted |
Commit | 226d35c84591f1901c2a13819031549909faa1f5 |
Headers | show |
On Wed, Nov 09, 2016 at 12:42:16AM +0100, Andreas Cadhalpun wrote: > It causes a cb_depth of 32, leading to assertion failures in get_bits. > > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavcodec/escape124.c | 4 ++++ > 1 file changed, 4 insertions(+) should be ok thx
On 09.11.2016 11:12, Michael Niedermayer wrote: > On Wed, Nov 09, 2016 at 12:42:16AM +0100, Andreas Cadhalpun wrote: >> It causes a cb_depth of 32, leading to assertion failures in get_bits. >> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> >> --- >> libavcodec/escape124.c | 4 ++++ >> 1 file changed, 4 insertions(+) > > should be ok Pushed. Best regards, Andreas
diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c index b872b3a..c3174ce 100644 --- a/libavcodec/escape124.c +++ b/libavcodec/escape124.c @@ -249,6 +249,10 @@ static int escape124_decode_frame(AVCodecContext *avctx, // This codebook can be cut off at places other than // powers of 2, leaving some of the entries undefined. cb_size = get_bits_long(&gb, 20); + if (!cb_size) { + av_log(avctx, AV_LOG_ERROR, "Invalid codebook size 0.\n"); + return AVERROR_INVALIDDATA; + } cb_depth = av_log2(cb_size - 1) + 1; } else { cb_depth = get_bits(&gb, 4);
It causes a cb_depth of 32, leading to assertion failures in get_bits. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavcodec/escape124.c | 4 ++++ 1 file changed, 4 insertions(+)