On 2012-01-25 15:28:48 -0800, Alex Converse wrote:
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
>
> CC: libav-sta...@libav.org
> ---
> libavcodec/qdm2.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
> index 91c47a8..6acb7d8 100644
> --- a/libavcodec/qdm2.c
> +++ b/libavcodec/qdm2.c
> @@ -1819,6 +1819,10 @@ static av_cold int qdm2_decode_init(AVCodecContext
> *avctx)
> extradata += 4;
>
> s->checksum_size = AV_RB32(extradata);
> + if (s->checksum_size >= 1U << 28) {
> + av_log(avctx, AV_LOG_ERROR, "data block size too large (%u)\n",
> s->checksum_size);
> + return AVERROR_INVALIDDATA;
> + }
>
> s->fft_order = av_log2(s->fft_size) + 1;
> s->fft_frame_size = 2 * s->fft_size; // complex has two floats
ok
Janne
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
