virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

avcodec/cfhd: Check bpc before setting bpc in context

Browse Source 
Fixes: runtime error: shift exponent 32 is too large for 32-bit type 'int'
Fixes: 2306/clusterfuzz-testcase-minimized-5002997392211968

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6f1d2355a7)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2017-06-21 19:34:31 +02:00
parent fe8960ab86
commit 0749384f0a
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/cfhd.c
View File

@ -258,6 +258,11 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
s->coded_height = data;
} else if (tag == 101) {
av_log(avctx, AV_LOG_DEBUG, "Bits per component: %"PRIu16"\n", data);
if (data < 1 || data > 31) {
av_log(avctx, AV_LOG_ERROR, "Bits per component %d is invalid\n", data);
ret = AVERROR(EINVAL);
break;
}
s->bpc = data;
} else if (tag == 12) {
av_log(avctx, AV_LOG_DEBUG, "Channel Count: %"PRIu16"\n", data);
@ -404,12 +409,12 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
av_log(avctx, AV_LOG_DEBUG, "Other codebook? %i\n", s->codebook);
} else if (tag == 70) {
av_log(avctx, AV_LOG_DEBUG, "Subsampling or bit-depth flag? %i\n", data);
s->bpc = data;
if (!(s->bpc == 10 || s->bpc == 12)) {
if (!(data == 10 || data == 12)) {
av_log(avctx, AV_LOG_ERROR, "Invalid bits per channel\n");
ret = AVERROR(EINVAL);
break;
}
s->bpc = data;
} else if (tag == 84) {
av_log(avctx, AV_LOG_DEBUG, "Sample format? %i\n", data);
if (data == 1)