virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

4xm: Check available space in read_huffman_tables()

Browse Source 
Fixes integer overflow and out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-01-26 02:03:05 +01:00
parent dcbb920f15
commit 53a3fdbfc5
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/4xm.c
View File

@ -599,8 +599,10 @@ static const uint8_t *read_huffman_tables(FourXContext *f,
for (;;) {
int i;
if (start <= end && ptr_end - ptr < end - start + 1 + 1)
if (ptr_end - ptr < FFMAX(end - start + 1, 0) + 1) {
av_log(f->avctx, AV_LOG_ERROR, "invalid data in read_huffman_tables\n");
return NULL;
}
for (i = start; i <= end; i++)
frequency[i] = *ptr++;
start = *ptr++;
@ -614,6 +616,11 @@ static const uint8_t *read_huffman_tables(FourXContext *f,
while ((ptr - buf) & 3)
ptr++; // 4byte align
if (ptr > ptr_end) {
av_log(f->avctx, AV_LOG_ERROR, "ptr overflow in read_huffman_tables\n");
return NULL;
}
for (j = 257; j < 512; j++) {
int min_freq[2] = { 256 * 256, 256 * 256 };
int smallest[2] = { 0, 0 };