avcodec/ansi: fix integer overflow

Fixes out of array read Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d42ec8433c687fcbccefa51a7716d81920218e4f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2014-02-17 20:49:42 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2014-02-23 14:28:10 +0100
commit: 18eac12c6d470588afd8abc15396ba77dfdcb4ee (patch)
tree: 1367b41a7aae12156fe2b7fb5fe8bf31baebc3d9
parent: 4cc18ee5da110087b5661ef0269ef59742e90a82 (diff)
download: ffmpeg-18eac12c6d470588afd8abc15396ba77dfdcb4ee.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c
index 8dce61a8c6..8e2b61d912 100644
--- a/libavcodec/ansi.c
+++ b/libavcodec/ansi.c
@@ -417,7 +417,7 @@ static int decode_frame(AVCodecContext *avctx,
             switch(buf[0]) {
             case '0': case '1': case '2': case '3': case '4':
             case '5': case '6': case '7': case '8': case '9':
-                if (s->nb_args < MAX_NB_ARGS)
+                if (s->nb_args < MAX_NB_ARGS && s->args[s->nb_args] < 6553)
                     s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0';
                 break;
             case ';':
author	Michael Niedermayer <michaelni@gmx.at>	2014-02-17 20:49:42 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2014-02-23 14:28:10 +0100
commit	18eac12c6d470588afd8abc15396ba77dfdcb4ee (patch)
tree	1367b41a7aae12156fe2b7fb5fe8bf31baebc3d9
parent	4cc18ee5da110087b5661ef0269ef59742e90a82 (diff)
download	ffmpeg-18eac12c6d470588afd8abc15396ba77dfdcb4ee.tar.gz