virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

Check sanity in the palette loading operation. The addresses a potential security risk in

Browse Source 
the MOV/MP4 demuxer.

Originally committed as revision 11166 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Mike Melanson
2007-12-05 04:30:33 +00:00
parent ab19baef36
commit 8b35bd806d
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
libavformat/mov.c
View File

@@ -572,10 +572,10 @@ static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
uint8_t codec_name[32];
/* for palette traversal */
int color_depth;
int color_start;
int color_count;
int color_end;
unsigned int color_depth;
unsigned int color_start;
unsigned int color_count;
unsigned int color_end;
int color_index;
int color_dec;
int color_greyscale;
@@ -701,6 +701,8 @@ static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
color_start = get_be32(pb);
color_count = get_be16(pb);
color_end = get_be16(pb);
if ((color_start <= 255) &&
(color_end <= 255)) {
for (j = color_start; j <= color_end; j++) {
/* each R, G, or B component is 16 bits;
* only use the top 8 bits; skip alpha bytes
@@ -717,6 +719,7 @@ static int mov_read_stsd(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
(r << 16) | (g << 8) | (b);
}
}
}
st->codec->palctrl = &c->palette_control;
st->codec->palctrl->palette_changed = 1;