Commit 8a69f260 authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/dvbsubdec: Check entry_id

Fixes: randomly writing over the array end
Fixes: 1473/clusterfuzz-testcase-minimized-5768907824562176

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpegSigned-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 3a0ff781
...@@ -1103,9 +1103,9 @@ static int dvbsub_parse_clut_segment(AVCodecContext *avctx, ...@@ -1103,9 +1103,9 @@ static int dvbsub_parse_clut_segment(AVCodecContext *avctx,
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
} }
if (depth & 0x80) if (depth & 0x80 && entry_id < 4)
clut->clut4[entry_id] = RGBA(r,g,b,255 - alpha); clut->clut4[entry_id] = RGBA(r,g,b,255 - alpha);
else if (depth & 0x40) else if (depth & 0x40 && entry_id < 16)
clut->clut16[entry_id] = RGBA(r,g,b,255 - alpha); clut->clut16[entry_id] = RGBA(r,g,b,255 - alpha);
else if (depth & 0x20) else if (depth & 0x20)
clut->clut256[entry_id] = RGBA(r,g,b,255 - alpha); clut->clut256[entry_id] = RGBA(r,g,b,255 - alpha);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment