aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2014-10-28 01:23:40 +0100
committerMichael Niedermayer <michaelni@gmx.at>2014-11-02 02:20:09 +0100
commitc0be9d7264400f8eb8648fd0b0ad00819e376163 (patch)
tree1f1177b56a84a5d4b7c85132237e59e76aaf4aa5
parent70402f6ee78606b55558fc864ad3d10a44d0a60c (diff)
downloadffmpeg-c0be9d7264400f8eb8648fd0b0ad00819e376163.tar.gz
avcodec/diracdec: Tighter checks on CODEBLOCKS_X/Y
Fixes very long but finite loop Fixes: asan_heap-oob_107866c_42_041.drc Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 5145d22b88b9835db81c4d286b931a78e08ab76a) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat
-rw-r--r--libavcodec/diracdec.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index 9c6fbc765b..02ec30b285 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -990,8 +990,8 @@ static int dirac_unpack_idwt_params(DiracContext *s)
/* Codeblock parameters (core syntax only) */
if (get_bits1(gb)) {
for (i = 0; i <= s->wavelet_depth; i++) {
- CHECKEDREAD(s->codeblock[i].width , tmp < 1, "codeblock width invalid\n")
- CHECKEDREAD(s->codeblock[i].height, tmp < 1, "codeblock height invalid\n")
+ CHECKEDREAD(s->codeblock[i].width , tmp < 1 || tmp > (s->avctx->width >>s->wavelet_depth-i), "codeblock width invalid\n")
+ CHECKEDREAD(s->codeblock[i].height, tmp < 1 || tmp > (s->avctx->height>>s->wavelet_depth-i), "codeblock height invalid\n")
}
CHECKEDREAD(s->codeblock_mode, tmp > 1, "unknown codeblock mode\n")
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-04 03:06:28 +0000