mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
smackerdec: Check that the last indexes are within the table.
Fixes CVE-2011-3944 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
247d30a7db
commit
1285baaab5
@ -259,6 +259,11 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
|
||||
if(ctx.last[0] == -1) ctx.last[0] = huff.current++;
|
||||
if(ctx.last[1] == -1) ctx.last[1] = huff.current++;
|
||||
if(ctx.last[2] == -1) ctx.last[2] = huff.current++;
|
||||
if(huff.current > huff.length){
|
||||
ctx.last[0] = ctx.last[1] = ctx.last[2] = 1;
|
||||
av_log(smk->avctx, AV_LOG_ERROR, "bigtree damaged\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
*recodes = huff.values;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user