Commit e9a9ca19 authored by Kieran Kunhya's avatar Kieran Kunhya

avcodec/cfhd: Don't decode coefficients if no end of header tag found. Fixes...

avcodec/cfhd: Don't decode coefficients if no end of header tag found. Fixes fuzzed files such as the one in in ticket #5383
parent 3cb3ddde
...@@ -137,11 +137,17 @@ static void vert_filter(int16_t *output, int out_stride, int16_t *low, int low_s ...@@ -137,11 +137,17 @@ static void vert_filter(int16_t *output, int out_stride, int16_t *low, int low_s
static void free_buffers(AVCodecContext *avctx) static void free_buffers(AVCodecContext *avctx)
{ {
CFHDContext *s = avctx->priv_data; CFHDContext *s = avctx->priv_data;
int i; int i, j;
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
av_freep(&s->plane[i].idwt_buf); av_freep(&s->plane[i].idwt_buf);
av_freep(&s->plane[i].idwt_tmp); av_freep(&s->plane[i].idwt_tmp);
for (j = 0; j < 9; j++)
s->plane[i].subband[j] = NULL;
for (j = 0; j < 8; j++)
s->plane[i].l_h[j] = NULL;
} }
s->a_height = 0; s->a_height = 0;
s->a_width = 0; s->a_width = 0;
...@@ -450,6 +456,12 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, ...@@ -450,6 +456,12 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
int lowpass_a_height = s->plane[s->channel_num].band[0][0].a_height; int lowpass_a_height = s->plane[s->channel_num].band[0][0].a_height;
int lowpass_a_width = s->plane[s->channel_num].band[0][0].a_width; int lowpass_a_width = s->plane[s->channel_num].band[0][0].a_width;
if (!got_buffer) {
av_log(avctx, AV_LOG_ERROR, "No end of header tag found\n");
ret = AVERROR(EINVAL);
goto end;
}
if (lowpass_height > lowpass_a_height || lowpass_width > lowpass_a_width || if (lowpass_height > lowpass_a_height || lowpass_width > lowpass_a_width ||
lowpass_a_width * lowpass_a_height * sizeof(int16_t) > bytestream2_get_bytes_left(&gb)) { lowpass_a_width * lowpass_a_height * sizeof(int16_t) > bytestream2_get_bytes_left(&gb)) {
av_log(avctx, AV_LOG_ERROR, "Too many lowpass coefficients\n"); av_log(avctx, AV_LOG_ERROR, "Too many lowpass coefficients\n");
...@@ -489,6 +501,12 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame, ...@@ -489,6 +501,12 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
int level, run, coeff; int level, run, coeff;
int count = 0, bytes; int count = 0, bytes;
if (!got_buffer) {
av_log(avctx, AV_LOG_ERROR, "No end of header tag found\n");
ret = AVERROR(EINVAL);
goto end;
}
if (highpass_height > highpass_a_height || highpass_width > highpass_a_width || a_expected < expected) { if (highpass_height > highpass_a_height || highpass_width > highpass_a_width || a_expected < expected) {
av_log(avctx, AV_LOG_ERROR, "Too many highpass coefficents\n"); av_log(avctx, AV_LOG_ERROR, "Too many highpass coefficents\n");
ret = AVERROR(EINVAL); ret = AVERROR(EINVAL);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment