ffmpeg | branch: release/2.2 | wm4 <nfx...@googlemail.com> | Wed Jan 7 23:57:50 2015 +0100| [b76dc8b5b8f7a637b3232329d574a42af35878ca] | committer: Michael Niedermayer
avcodec/dvdsubdec: error on bitmaps with size 0 Attemtping to decode them could lead to invalid writes with some fuzzed samples. Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit bcaa9099b3648b47060e1724a97dc98b63c83702) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b76dc8b5b8f7a637b3232329d574a42af35878ca --- libavcodec/dvdsubdec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c index 0fcf0fb..122a4c7 100644 --- a/libavcodec/dvdsubdec.c +++ b/libavcodec/dvdsubdec.c @@ -108,6 +108,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h, if (start >= buf_size) return -1; + if (w <= 0 || h <= 0) + return -1; + bit_len = (buf_size - start) * 8; init_get_bits(&gb, buf + start, bit_len); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog