Commit b962932c authored by Michael Niedermayer's avatar Michael Niedermayer

eatgv: check vector_bits

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 34123ab9
...@@ -157,6 +157,11 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b ...@@ -157,6 +157,11 @@ static int tgv_decode_inter(TgvContext * s, const uint8_t *buf, const uint8_t *b
vector_bits = AV_RL16(&buf[6]); vector_bits = AV_RL16(&buf[6]);
buf += 12; buf += 12;
if (vector_bits > MIN_CACHE_BITS || !vector_bits) {
av_log(s->avctx, AV_LOG_ERROR, "vector_bits %d invalid\n", vector_bits);
return AVERROR_INVALIDDATA;
}
/* allocate codebook buffers as necessary */ /* allocate codebook buffers as necessary */
if (num_mvs > s->num_mvs) { if (num_mvs > s->num_mvs) {
s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int)); s->mv_codebook = av_realloc(s->mv_codebook, num_mvs*2*sizeof(int));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment