avcodec/ansi: fix integer overflow

Fixes out of array read Fixes: 5f9698e86d92f19bb08d54ff0d57027f-signal_sigsegv_b30756_3795_cov_2693691257_ansi256.ans Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit d42ec8433c687fcbccefa51a7716d81920218e4f) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2014-02-17 20:49:42 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2014-02-17 20:56:24 +0100
commit: d41f4e8dc82bc734cd1beba5d5ef4a7b2038d15f (patch)
tree: 29f9c2a2163ad0b96f65d5e9788ecbec310b670e
parent: bc1c8ec5e65098fd2ccd8456f667151dfc9cda42 (diff)
download: ffmpeg-d41f4e8dc82bc734cd1beba5d5ef4a7b2038d15f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/ansi.c b/libavcodec/ansi.c
index 68132dfb1c..71c2ed3ed5 100644
--- a/libavcodec/ansi.c
+++ b/libavcodec/ansi.c
@@ -417,7 +417,7 @@ static int decode_frame(AVCodecContext *avctx,
             switch(buf[0]) {
             case '0': case '1': case '2': case '3': case '4':
             case '5': case '6': case '7': case '8': case '9':
-                if (s->nb_args < MAX_NB_ARGS)
+                if (s->nb_args < MAX_NB_ARGS && s->args[s->nb_args] < 6553)
                     s->args[s->nb_args] = FFMAX(s->args[s->nb_args], 0) * 10 + buf[0] - '0';
                 break;
             case ';':
author	Michael Niedermayer <michaelni@gmx.at>	2014-02-17 20:49:42 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2014-02-17 20:56:24 +0100
commit	d41f4e8dc82bc734cd1beba5d5ef4a7b2038d15f (patch)
tree	29f9c2a2163ad0b96f65d5e9788ecbec310b670e
parent	bc1c8ec5e65098fd2ccd8456f667151dfc9cda42 (diff)
download	ffmpeg-d41f4e8dc82bc734cd1beba5d5ef4a7b2038d15f.tar.gz