ffmpeg | branch: release/2.5 | Michael Niedermayer <mich...@niedermayer.cc> | Fri Sep 25 14:26:14 2015 +0200| [9c0fb2548f862224be6c557a763b548d7cfc7db1] | committer: Michael Niedermayer
avcodec/rangecoder: Check e

Fixes hang.nut
Found-by: Paul B Mahol <one...@gmail.com>
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
(cherry picked from commit b2955b6c5aed11026ec5c7164462899a10cdb937)
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9c0fb2548f862224be6c557a763b548d7cfc7db1

--- libavcodec/ffv1dec.c | 5 ++++- libavcodec/snow.h | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index e4c020b..9c6e3cf 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -47,8 +47,11 @@ static inline av_flatten int get_symbol_inline(RangeCoder *c, uint8_t *state, else { int i, e, a; e = 0; - while (get_rac(c, state + 1 + FFMIN(e, 9))) // 1..10 + while (get_rac(c, state + 1 + FFMIN(e, 9))) { // 1..10 e++; + if (e > 31) + return AVERROR_INVALIDDATA; + } a = 1; for (i = e - 1; i >= 0; i--) diff --git a/libavcodec/snow.h b/libavcodec/snow.h index 12aad18..23e04bd 100644 --- a/libavcodec/snow.h +++ b/libavcodec/snow.h @@ -557,6 +557,8 @@ static inline int get_symbol(RangeCoder *c, uint8_t *state, int is_signed){ e= 0; while(get_rac(c, state+1 + FFMIN(e,9))){ //1..10 e++; + if (e > 31) + return AVERROR_INVALIDDATA; } a= 1;
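Review bot: The limit in `if (e > 31)` in get_symbol_inline() (libavcodec/ffv1dec.c) is a bare constant with no comment, and the commit message does not say why 31 was chosen. The loop can still exit normally with e == 31, after which `a = 1; for (i = e - 1; i >= 0; i--)` runs 31 iterations on an `int a`; the loop body is outside the hunk, so please confirm that 31 iterations cannot overflow `a`, and add a one-line comment tying the limit to the width of the decoded value. The same constant appears again in snow.h, so a shared named constant would keep the two copies from drifting apart.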
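Review bot: In get_symbol() (libavcodec/snow.h) the new `return AVERROR_INVALIDDATA;` comes back through the same int that carries the decoded symbol, and the signature takes `is_signed`, so a caller cannot tell the error code from a legitimately decoded negative value unless it compares against that specific constant. The diffstat shows only these two files changed and no call site touched; either document the error return above the function and check for it in the callers, or report the failure out of band, so that a malformed stream stops decoding instead of being consumed as a large negative symbol.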