avcodec/g2meet: Check R/G/B values in epic_decode_pixel_pred()

Fixes: asan_double-free_d34593_861_smp3.wmv Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/g2meet: Check R/G/B values in epic_decode_pixel_pred()
Fixes: asan_double-free_d34593_861_smp3.wmv Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
b1e242bc · Michael Niedermayer · 3526a120 · b1e242bc
Commit b1e242bc authored Jul 10, 2015 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

g2meet.c libavcodec/g2meet.c +5 -0

No files found.
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -555,6 +555,11 @@ static uint32_t epic_decode_pixel_pred(ePICContext *dc, int x, int y,
        B     = ((pred >> B_shift) & 0xFF) - TOSIGNED(delta);
    }

+    if (R<0 || G<0 || B<0) {
+        av_log(NULL, AV_LOG_ERROR, "RGB %d %d %d is out of range\n", R, G, B);
+        return 0;
+    }
+
    return (R << R_shift) | (G << G_shift) | (B << B_shift);
 }