Commit b02cc2dd authored by Michael Niedermayer's avatar Michael Niedermayer

mpeg4videodec: Check that cplx_estimation_* fits in the available space

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 06bf6d3b
...@@ -2050,6 +2050,10 @@ static int decode_vop_header(MpegEncContext *s, GetBitContext *gb){ ...@@ -2050,6 +2050,10 @@ static int decode_vop_header(MpegEncContext *s, GetBitContext *gb){
if(s->pict_type == AV_PICTURE_TYPE_B) if(s->pict_type == AV_PICTURE_TYPE_B)
skip_bits_long(gb, s->cplx_estimation_trash_b); skip_bits_long(gb, s->cplx_estimation_trash_b);
if(get_bits_left(gb) < 3) {
av_log(s->avctx, AV_LOG_ERROR, "Header truncated\n");
return -1;
}
s->intra_dc_threshold= ff_mpeg4_dc_threshold[ get_bits(gb, 3) ]; s->intra_dc_threshold= ff_mpeg4_dc_threshold[ get_bits(gb, 3) ];
if(!s->progressive_sequence){ if(!s->progressive_sequence){
s->top_field_first= get_bits1(gb); s->top_field_first= get_bits1(gb);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment