[FFmpeg-cvslog] avcodec/vc1: Check bfraction_lut_index
Michael Niedermayer
git at videolan.org
Sun Feb 23 17:46:56 CET 2014
ffmpeg | branch: release/2.1 | Michael Niedermayer <michaelni at gmx.at> | Sat Feb 1 17:07:40 2014 +0100| [ab1c7113f9ec1e169d654990dc5379af1570d2ce] | committer: Michael Niedermayer
avcodec/vc1: Check bfraction_lut_index
Fixes: out of array read
Fixes: asan_static-oob_1b40507_2849_SA10143.vc1
Fixes: asan_static-oob_1b40a15_2849_cov_1182297305_SA10143.vc1
Fixes: asan_static-oob_1b40f15_2849_cov_2159513432_SA10143.vc1
Fixes: asan_static-oob_1b40f15_2849_cov_3230311510_SA10143.vc1
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit dcf5bfbdb6137ffdca66e0b7c2929ced42732951)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ab1c7113f9ec1e169d654990dc5379af1570d2ce
---
libavcodec/vc1.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index 728c7de..b9a6fdf 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -628,7 +628,13 @@ static void rotate_luts(VC1Context *v)
}
static int read_bfraction(VC1Context *v, GetBitContext* gb) {
- v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1);
+ int bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1);
+
+ if (bfraction_lut_index == 21 || bfraction_lut_index < 0) {
+ av_log(v->s.avctx, AV_LOG_ERROR, "bfraction invalid\n");
+ return AVERROR_INVALIDDATA;
+ }
+ v->bfraction_lut_index = bfraction_lut_index;
v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index];
return 0;
}
More information about the ffmpeg-cvslog
mailing list