From 042faa847feea820451c474af0034fd3de9cff82 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sun, 30 Oct 2016 13:44:52 +0100 Subject: [PATCH] avcodec/8bps: Check side data size before use Fixes out of array read Signed-off-by: Michael Niedermayer --- libavcodec/8bps.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/8bps.c b/libavcodec/8bps.c index 49fd445494..aa2318fa2d 100644 --- a/libavcodec/8bps.c +++ b/libavcodec/8bps.c @@ -122,12 +122,15 @@ static int decode_frame(AVCodecContext *avctx, void *data, } if (avctx->bits_per_coded_sample <= 8) { + int size; const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, - NULL); - if (pal) { + &size); + if (pal && size == AVPALETTE_SIZE) { frame->palette_has_changed = 1; memcpy(c->pal, pal, AVPALETTE_SIZE); + } else if (pal) { + av_log(avctx, AV_LOG_ERROR, "Palette size %d is wrong\n", size); } memcpy (frame->data[1], c->pal, AVPALETTE_SIZE);