[FFmpeg-cvslog] avcodec/ffv1dec: Check for 0 quant tables

Michael Niedermayer git at videolan.org
Sun Dec 6 14:16:05 CET 2015


ffmpeg | branch: release/2.1 | Michael Niedermayer <michael at niedermayer.cc> | Thu Nov  5 00:36:59 2015 +0100| [fde9b80c17e1f7ac7f8861d43180c94eaf8ee362] | committer: Carl Eugen Hoyos

avcodec/ffv1dec: Check for 0 quant tables

Fixes assertion failure
Fixes: 07ec1fc3c1cbf2d3edcd7d9b52ca156c/asan_heap-oob_13624c5_491_ecd4720a03e697ba750b235690656c8f.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5745cf799a4389bc5d14f2b4daf32fe4631c50bc)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fde9b80c17e1f7ac7f8861d43180c94eaf8ee362
---

 libavcodec/ffv1dec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 48f68c3..168a393 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -533,7 +533,7 @@ static int read_extra_header(FFV1Context *f)
     }
 
     f->quant_table_count = get_symbol(c, state, 0);
-    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES)
+    if (f->quant_table_count > (unsigned)MAX_QUANT_TABLES || !f->quant_table_count)
         return AVERROR_INVALIDDATA;
 
     for (i = 0; i < f->quant_table_count; i++) {



More information about the ffmpeg-cvslog mailing list