Skip to content

F
ffmpeg.wasm-core
Commit dcf5bfbd authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

avcodec/vc1: Check bfraction_lut_index 

Fixes: out of array read
Fixes: asan_static-oob_1b40507_2849_SA10143.vc1
Fixes: asan_static-oob_1b40a15_2849_cov_1182297305_SA10143.vc1
Fixes: asan_static-oob_1b40f15_2849_cov_2159513432_SA10143.vc1
Fixes: asan_static-oob_1b40f15_2849_cov_3230311510_SA10143.vc1
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 388b4cf8
Hide whitespace changes
Inline Side-by-side
Showing with 7 additions and 1 deletion
libavcodec/vc1.c
View file @ dcf5bfbd
......@@ -614,7 +614,13 @@ static void rotate_luts(VC1Context *v)
}
static int read_bfraction(VC1Context *v, GetBitContext* gb) {
v->bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1);
int bfraction_lut_index = get_vlc2(gb, ff_vc1_bfraction_vlc.table, VC1_BFRACTION_VLC_BITS, 1);
if (bfraction_lut_index == 21 || bfraction_lut_index < 0) {
av_log(v->s.avctx, AV_LOG_ERROR, "bfraction invalid\n");
return AVERROR_INVALIDDATA;
}
v->bfraction_lut_index = bfraction_lut_index;
v->bfraction = ff_vc1_bfraction_lut[v->bfraction_lut_index];
return 0;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment