virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-02-20 07:48:15 +02:00
Code Issues Releases Activity

avcodec/vc1_block: Check for double escapes

Browse Source 
Fixes: out of array read
Fixes: 16331/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_WMV3IMAGE_fuzzer-5672735195267072

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 6962fd586e1a9a98828866dcfb4114af30c8c756)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2019-08-15 18:47:54 +02:00
parent 77b92f757a
commit ffaa89b5ad
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/vc1_block.c
View File

@ -507,7 +507,7 @@ static int vc1_decode_ac_coeff(VC1Context *v, int *last, int *skip,
int escape = decode210(gb);
if (escape != 2) {
index = get_vlc2(gb, ff_vc1_ac_coeff_table[codingset].table, AC_VLC_BITS, 3);
if (index < 0)
if (index >= ff_vc1_ac_sizes[codingset] - 1U)
return AVERROR_INVALIDDATA;
run = vc1_index_decode_table[codingset][index][0];
level = vc1_index_decode_table[codingset][index][1];