ffmpeg | branch: master | Andreas Cadhalpun <[email protected]> | Mon Mar 2 20:47:57 2015 +0100| [5de2dab12b951b2fe121eb18503accfc91cd1565] | committer: Michael Niedermayer
avcodec/webp: validate the distance prefix code According to the WebP Lossless Bitstream Specification the highest allowed value for a prefix code is 39. If prefix_code is too large, the calculated extra_bits has an invalid value and triggers an assertion in get_bits. Signed-off-by: Andreas Cadhalpun <[email protected]> Signed-off-by: Michael Niedermayer <[email protected]> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5de2dab12b951b2fe121eb18503accfc91cd1565 --- libavcodec/webp.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/webp.c b/libavcodec/webp.c index e0f7239..9549c0e 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -694,6 +694,11 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role, length = offset + get_bits(&s->gb, extra_bits) + 1; } prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb); + if (prefix_code > 39) { + av_log(s->avctx, AV_LOG_ERROR, + "distance prefix code too large: %d\n", prefix_code); + return AVERROR_INVALIDDATA; + } if (prefix_code < 4) { distance = prefix_code + 1; } else { _______________________________________________ ffmpeg-cvslog mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
