Skip to content

F
ffmpeg.wasm-core
Commit e273dade authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

avcodec/mss2: Check for repeat overflow 

Fixes: mss2_left_shift.wmv
Found-by: 's avatarPiotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 42c54d4c
Show whitespace changes
Inline Side-by-side
Showing with 6 additions and 1 deletion
libavcodec/mss2.c
View file @ e273dade
...@@ -210,8 +210,13 @@ static int decode_555(GetByteContext *gB, uint16_t *dst, int stride, ...@@ -210,8 +210,13 @@ static int decode_555(GetByteContext *gB, uint16_t *dst, int stride,
last_symbol = b << 8 | bytestream2_get_byte(gB); last_symbol = b << 8 | bytestream2_get_byte(gB);
else if (b > 129) { else if (b > 129) {
repeat = 0; repeat = 0;
while (b-- > 130) while (b-- > 130) {
if (repeat >= (INT_MAX >> 8) - 1) {
av_log(NULL, AV_LOG_ERROR, "repeat overflow\n");
return AVERROR_INVALIDDATA;
}
repeat = (repeat << 8) + bytestream2_get_byte(gB) + 1; repeat = (repeat << 8) + bytestream2_get_byte(gB) + 1;
}
if (last_symbol == -2) { if (last_symbol == -2) {
int skip = FFMIN((unsigned)repeat, dst + w - p); int skip = FFMIN((unsigned)repeat, dst + w - p);
repeat -= skip; repeat -= skip;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment