Chiebot-Mirror
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

4xm: Check available space in read_huffman_tables()

Browse Source 
Fixes integer overflow and out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
pull/9/head
Michael Niedermayer 12 years ago
parent dcbb920f15
commit 53a3fdbfc5
1 changed files with 8 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      libavcodec/4xm.c

9
libavcodec/4xm.c
Unescape View File

@ -599,8 +599,10 @@ static const uint8_t *read_huffman_tables(FourXContext *f,
for (;;) { for (;;) {
int i; int i;
if (start <= end && ptr_end - ptr < end - start + 1 + 1) if (ptr_end - ptr < FFMAX(end - start + 1, 0) + 1) {
av_log(f->avctx, AV_LOG_ERROR, "invalid data in read_huffman_tables\n");
return NULL; return NULL;
}
for (i = start; i <= end; i++) for (i = start; i <= end; i++)
frequency[i] = *ptr++; frequency[i] = *ptr++;
start = *ptr++; start = *ptr++;
@ -614,6 +616,11 @@ static const uint8_t *read_huffman_tables(FourXContext *f,
while ((ptr - buf) & 3) while ((ptr - buf) & 3)
ptr++; // 4byte align ptr++; // 4byte align
if (ptr > ptr_end) {
av_log(f->avctx, AV_LOG_ERROR, "ptr overflow in read_huffman_tables\n");
return NULL;
}
for (j = 257; j < 512; j++) { for (j = 257; j < 512; j++) {
int min_freq[2] = { 256 * 256, 256 * 256 }; int min_freq[2] = { 256 * 256, 256 * 256 };
int smallest[2] = { 0, 0 }; int smallest[2] = { 0, 0 };

Write Preview
Loading…
Cancel
Save