[FFmpeg-cvslog] escape124: reject codebook size 0

Andreas Cadhalpun git at videolan.org
Sun Nov 27 01:41:10 EET 2016


ffmpeg | branch: release/3.0 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed Nov  9 00:38:50 2016 +0100| [e14cc2f1975b608b630725007bda10f49aa096a1] | committer: Andreas Cadhalpun

escape124: reject codebook size 0

It causes a cb_depth of 32, leading to assertion failures in get_bits.

Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 226d35c84591f1901c2a13819031549909faa1f5)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e14cc2f1975b608b630725007bda10f49aa096a1
---

 libavcodec/escape124.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c
index 50a86c8..dfbaec9 100644
--- a/libavcodec/escape124.c
+++ b/libavcodec/escape124.c
@@ -250,6 +250,10 @@ static int escape124_decode_frame(AVCodecContext *avctx,
                 // This codebook can be cut off at places other than
                 // powers of 2, leaving some of the entries undefined.
                 cb_size = get_bits_long(&gb, 20);
+                if (!cb_size) {
+                    av_log(avctx, AV_LOG_ERROR, "Invalid codebook size 0.\n");
+                    return AVERROR_INVALIDDATA;
+                }
                 cb_depth = av_log2(cb_size - 1) + 1;
             } else {
                 cb_depth = get_bits(&gb, 4);



More information about the ffmpeg-cvslog mailing list