aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michael@niedermayer.cc>2017-05-13 23:21:24 +0200
committerMichael Niedermayer <michael@niedermayer.cc>2017-05-13 23:22:22 +0200
commit8c5cd1c9d33b4b287f85d42efb1aecfaee31de6c (patch)
treec7d8134b5079e43b2aea26ffa4de0f076a578b4a
parent86b1b0d33dd7459f0d9c352c51ee2e374fd6f7fe (diff)
downloadffmpeg-8c5cd1c9d33b4b287f85d42efb1aecfaee31de6c.tar.gz
avcodec/webp: Fix signedness in prefix_code check
Fixes: out of array read Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r--libavcodec/webp.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index 8281cc45b4..50a8da1000 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -694,7 +694,7 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role,
length = offset + get_bits(&s->gb, extra_bits) + 1;
}
prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
- if (prefix_code > 39) {
+ if (prefix_code > 39U) {
av_log(s->avctx, AV_LOG_ERROR,
"distance prefix code too large: %d\n", prefix_code);
return AVERROR_INVALIDDATA;