mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-08 13:22:53 +02:00
avcodec/ansi: fix integer overflow
Fixes out-of-array read
Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
parent
911eb71133
commit
d42ec8433c
@ -420,7 +420,7 @@ static int decode_frame(AVCodecContext *avctx,
|
|||||||
switch(buf[0]) {
|
switch(buf[0]) {
|
||||||
case '0': case '1': case '2': case '3': case '4':
|
case '0': case '1': case '2': case '3': case '4':
|
||||||
case '5': case '6': case '7': case '8': case '9':
|
case '5': case '6': case '7': case '8': case '9':
|
||||||
if (s->nb_args < MAX_NB_ARGS)
|
if (s->nb_args < MAX_NB_ARGS && s->args[s->nb_args] < 6553)
|
||||||
s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0';
|
s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0';
|
||||||
break;
|
break;
|
||||||
case ';':
|
case ';':
|
||||||
|
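Review bot: The bound `6553` in the new `if (s->nb_args < MAX_NB_ARGS && s->args[s->nb_args] < 6553)` is an unexplained magic number, and it changes how oversized arguments parse: once the accumulator reaches 6553 or more, further digits are silently dropped, so a long digit run yields its leading digits rather than a clamped or rejected value. A comment such as `/* stop accumulating at 6553: result stays <= 65529, so the *10 below cannot overflow int */` (or a named constant) would record the intent. The check only prevents the signed overflow in the accumulation itself. Whether each consumer of `s->args[]` also range-checks the value against whatever it indexes is not visible here, because decode_frame's body continues outside the hunk, so that is worth confirming.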