avcodec/dvdsubdec: error on bitmaps with size 0

Attemtping to decode them could lead to invalid writes with some fuzzed samples. Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit bcaa9099b3648b47060e1724a97dc98b63c83702) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: wm4 <nfxjfg@googlemail.com> 2015-01-07 23:57:50 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2015-06-10 02:13:08 +0200
commit: 59fc55b29738a6436489d1b9de112e35ad12a23d (patch)
tree: c49ae1f5e7885fc69c82cf78d6e9722e00baa366
parent: bda7aa7cb39a8098e14fda9400fd42f059b70f4d (diff)
download: ffmpeg-59fc55b29738a6436489d1b9de112e35ad12a23d.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 5f64eb10f0..b3b1cba5bb 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -101,6 +101,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h,
     if (start >= buf_size)
         return -1;
 
+    if (w <= 0 || h <= 0)
+        return -1;
+
     bit_len = (buf_size - start) * 8;
     init_get_bits(&gb, buf + start, bit_len);
author	wm4 <nfxjfg@googlemail.com>	2015-01-07 23:57:50 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2015-06-10 02:13:08 +0200
commit	59fc55b29738a6436489d1b9de112e35ad12a23d (patch)
tree	c49ae1f5e7885fc69c82cf78d6e9722e00baa366
parent	bda7aa7cb39a8098e14fda9400fd42f059b70f4d (diff)
download	ffmpeg-59fc55b29738a6436489d1b9de112e35ad12a23d.tar.gz