[FFmpeg-cvslog] oggparsedaala: check number of planes in pixel format map
Andreas Cadhalpun
git at videolan.org
Tue Dec 29 18:44:32 CET 2015
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Tue Dec 29 16:38:26 2015 +0100| [b4466c9c1a82ce72011ed72e1221a30b15f73adb] | committer: Andreas Cadhalpun
oggparsedaala: check number of planes in pixel format map
This fixes crashes caused by out-of-bounds writes.
Reviewed-by: Rostislav Pehlivanov <atomnuker at gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4466c9c1a82ce72011ed72e1221a30b15f73adb
---
libavformat/oggparsedaala.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavformat/oggparsedaala.c b/libavformat/oggparsedaala.c
index dda8d70..24567f9 100644
--- a/libavformat/oggparsedaala.c
+++ b/libavformat/oggparsedaala.c
@@ -130,6 +130,12 @@ static int daala_header(AVFormatContext *s, int idx)
hdr->fpr = bytestream2_get_byte(&gb);
hdr->format.planes = bytestream2_get_byte(&gb);
+ if (hdr->format.planes > 4) {
+ av_log(s, AV_LOG_ERROR,
+ "Invalid number of planes %d in daala pixel format map.\n",
+ hdr->format.planes);
+ return AVERROR_INVALIDDATA;
+ }
for (i = 0; i < hdr->format.planes; i++) {
hdr->format.xdec[i] = bytestream2_get_byte(&gb);
hdr->format.ydec[i] = bytestream2_get_byte(&gb);
More information about the ffmpeg-cvslog
mailing list