1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

smackerdec: Check that the last indexes are within the table.

Fixes CVE-2011-3944

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-01-25 22:28:57 +01:00
parent 247d30a7db
commit 1285baaab5

View File

@ -259,6 +259,11 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
if(ctx.last[0] == -1) ctx.last[0] = huff.current++;
if(ctx.last[1] == -1) ctx.last[1] = huff.current++;
if(ctx.last[2] == -1) ctx.last[2] = huff.current++;
if(huff.current > huff.length){
ctx.last[0] = ctx.last[1] = ctx.last[2] = 1;
av_log(smk->avctx, AV_LOG_ERROR, "bigtree damaged\n");
return -1;
}
*recodes = huff.values;