diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2012-01-26 17:30:49 +0100 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2012-01-26 17:30:49 +0100 |
commit | 70dba1e3c856e86e1780c0a324abbce034f0c7da (patch) | |
tree | 92d5cf226a3622d527141ba9f37420d75692cb5d | |
parent | 1860c66c5460e21314202be3624768d7e1bf45b0 (diff) | |
download | ffmpeg-70dba1e3c856e86e1780c0a324abbce034f0c7da.tar.gz |
kvmc: Check palsize.
Fixes: CVE-2011-3952
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r-- | libavcodec/kmvc.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c index 20cc2120c5..9c98badbde 100644 --- a/libavcodec/kmvc.c +++ b/libavcodec/kmvc.c @@ -380,6 +380,11 @@ static av_cold int decode_init(AVCodecContext * avctx) c->palsize = 127; } else { c->palsize = AV_RL16(avctx->extradata + 10); + if (c->palsize > 255U) { + c->palsize = 127; + av_log(NULL, AV_LOG_ERROR, "palsize too big\n"); + return -1; + } } if (avctx->extradata_size == 1036) { // palette in extradata |