authorMichael Niedermayer <michaelni@gmx.at>2012-01-26 17:30:49 +0100
committerMichael Niedermayer <michaelni@gmx.at>2012-01-26 17:30:49 +0100
commit70dba1e3c856e86e1780c0a324abbce034f0c7da (patch)
tree92d5cf226a3622d527141ba9f37420d75692cb5d
parent1860c66c5460e21314202be3624768d7e1bf45b0 (diff)
kvmc: Check palsize.
Fixes: CVE-2011-3952 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavcodec/kmvc.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c
index 20cc2120c5..9c98badbde 100644
--- a/libavcodec/kmvc.c
+++ b/libavcodec/kmvc.c
@@ -380,6 +380,11 @@ static av_cold int decode_init(AVCodecContext * avctx)
c->palsize = 127;
} else {
c->palsize = AV_RL16(avctx->extradata + 10);
+ if (c->palsize > 255U) {
+ c->palsize = 127;
+ av_log(NULL, AV_LOG_ERROR, "palsize too big\n");
+ return -1;
+ }
}
if (avctx->extradata_size == 1036) { // palette in extradata
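Review bot: The new error path logs with `av_log(NULL, ...)`, so the message is not tied to the decoder instance that rejected the stream; passing the context, `av_log(avctx, AV_LOG_ERROR, "palsize too big\n");`, makes a rejected file traceable in multi-stream logs. The bare `return -1;` would read better as `return AVERROR_INVALIDDATA;`, since the value comes from container extradata and callers can then tell malformed input from other init failures. The assignment `c->palsize = 127;` just before the return looks redundant unless the context is still read after a failed init, which cannot be told from this hunk. A short comment such as `/* palsize is read from untrusted extradata; reject values above the 8-bit palette index range */` would record why 255 is the limit. decode_init starts and ends outside the hunk, so how palsize is used later is not visible here.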