On Thu, Oct 13, 2011 at 05:45:47PM -0400, Justin Ruggles wrote:
> ---
> libavcodec/shorten.c | 17 +++++++++++++++--
> 1 files changed, 15 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
> index 2502587..3f06e57 100644
> --- a/libavcodec/shorten.c
> +++ b/libavcodec/shorten.c
> @@ -330,8 +330,16 @@ static int read_header(ShortenContext *s)
>
> /* get blocksize if version > 0 */
> if (s->version > 0) {
> - int skip_bytes;
> - s->blocksize = get_uint(s, av_log2(DEFAULT_BLOCK_SIZE));
> + int skip_bytes, blocksize;
> +
> + blocksize = get_uint(s, av_log2(DEFAULT_BLOCK_SIZE));
> + if (!blocksize || blocksize > MAX_BLOCKSIZE) {
> + av_log(s->avctx, AV_LOG_ERROR, "invalid or unsupported block
> size: %d\n",
> + blocksize);
> + return AVERROR(EINVAL);
> + }
> + s->blocksize = blocksize;
> +
> maxnlpc = get_uint(s, LPCQSIZE);
> s->nmean = get_uint(s, 0);
>
> @@ -456,6 +464,11 @@ static int shorten_decode_frame(AVCodecContext *avctx,
> av_log(avctx, AV_LOG_ERROR, "Increasing block size
> is not supported\n");
> return AVERROR_PATCHWELCOME;
> }
> + if (!blocksize || blocksize > MAX_BLOCKSIZE) {
> + av_log(avctx, AV_LOG_ERROR, "invalid or unsupported "
> + "block size: %d\n", blocksize);
> + return AVERROR(EINVAL);
> + }
> s->blocksize = blocksize;
> break;
> }
> --
OK
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
