[FFmpeg-cvslog] kvmc: Check palsize.
Michael Niedermayer
git at videolan.org
Thu Jan 26 17:46:32 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Jan 26 17:30:49 2012 +0100| [70dba1e3c856e86e1780c0a324abbce034f0c7da] | committer: Michael Niedermayer
kvmc: Check palsize.
Fixes: CVE-2011-3952
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=70dba1e3c856e86e1780c0a324abbce034f0c7da
---
libavcodec/kmvc.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c
index 20cc212..9c98bad 100644
--- a/libavcodec/kmvc.c
+++ b/libavcodec/kmvc.c
@@ -380,6 +380,11 @@ static av_cold int decode_init(AVCodecContext * avctx)
c->palsize = 127;
} else {
c->palsize = AV_RL16(avctx->extradata + 10);
+ if (c->palsize > 255U) {
+ c->palsize = 127;
+ av_log(NULL, AV_LOG_ERROR, "palsize too big\n");
+ return -1;
+ }
}
if (avctx->extradata_size == 1036) { // palette in extradata
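Review bot: In the added error branch, av_log(NULL, AV_LOG_ERROR, "palsize too big\n") logs without a context, so the message cannot be tied to the decoder instance that rejected the stream; pass avctx as the first argument. The c->palsize = 127 assignment directly before return -1 only matters if something still reads the context after a failed init. If it is meant as a defensive reset, a short comment saying so would help; otherwise it can be dropped. Returning AVERROR_INVALIDDATA instead of a bare -1 would tell callers that the extradata was malformed. The 255U bound is a magic number here. Tying it to the palette capacity it protects, with a named constant or a comment, would make it clear why a 16-bit value read from extradata + 10 has to be capped at that point.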