[FFmpeg-cvslog] eatgv: check vector_bits

Michael Niedermayer git at videolan.org
Sun Apr 15 16:11:19 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Apr 15 15:29:50 2012 +0200| [b962932cba61f06c8da3e7f70e519dec1c1dd88a] | committer: Michael Niedermayer

eatgv: check vector_bits

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b962932cba61f06c8da3e7f70e519dec1c1dd88a
---

 libavcodec/eatgv.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/libavcodec/eatgv.c b/libavcodec/eatgv.c
index 65a3ad0..01d0489 100644
--- a/libavcodec/eatgv.c
+++ b/libavcodec/eatgv.c
@@ -157,6 +157,11 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b
     vector_bits       = AV_RL16(&buf[6]);
     buf += 12;
 
+    if (vector_bits > MIN_CACHE_BITS || !vector_bits) {
+        av_log(s->avctx, AV_LOG_ERROR, "vector_bits %d invalid\n", vector_bits);
+        return AVERROR_INVALIDDATA;
+    }
+
     /* allocate codebook buffers as necessary */
     if (num_mvs > s->num_mvs) {
         s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int));
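
Review bot: The bound in `if (vector_bits > MIN_CACHE_BITS || !vector_bits)` is not explained in the hunk or in the commit message, which says only "check vector_bits". A one-line comment above the `if` should state why the 16-bit value read with `AV_RL16(&buf[6])` must lie in 1..MIN_CACHE_BITS, naming the later read in `tgv_decode_inter` that depends on it, so the limit does not look arbitrary to the next reader. The placement is right: the rejection comes before the codebook buffers are reallocated, so invalid input returns `AVERROR_INVALIDDATA` without touching `s->mv_codebook`. Separately, and outside this change, the context line `s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int));` overwrites the only pointer to the old buffer, so a failed reallocation would leak it, and the visible lines show no check of the result.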


