virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

avcodec/dvbsubdec: check region dimensions

Browse Source 
Fixes: 1408/clusterfuzz-testcase-minimized-6529985844084736
Fixes: integer overflow

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 0075d9eced)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2017-05-08 15:17:31 +02:00
parent 6c15025dee
commit 6cb55a7032
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/dvbsubdec.c
View File

@ -24,6 +24,7 @@
#include "bytestream.h"
#include "internal.h"
#include "libavutil/colorspace.h"
#include "libavutil/imgutils.h"
#include "libavutil/opt.h"
#define DVBSUB_PAGE_SEGMENT 0x10
@ -1239,6 +1240,7 @@ static int dvbsub_parse_region_segment(AVCodecContext *avctx,
DVBSubObject *object;
DVBSubObjectDisplay *display;
int fill;
int ret;
if (buf_size < 10)
return AVERROR_INVALIDDATA;
@ -1267,6 +1269,12 @@ static int dvbsub_parse_region_segment(AVCodecContext *avctx,
region->height = AV_RB16(buf);
buf += 2;
ret = av_image_check_size(region->width, region->height, 0, avctx);
if (ret < 0) {
region->width= region->height= 0;
return ret;
}
if (region->width * region->height != region->buf_size) {
av_free(region->pbuf);