aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Converse <alex.converse@gmail.com>2012-01-25 15:27:11 -0800
committerAlex Converse <alex.converse@gmail.com>2012-01-26 10:17:04 -0800
commitdac56d9ce01eb9963f28f26b97a81db5cbd46c1c (patch)
tree869465ef200d78f84fcca8b13413e7f0dc3343d6
parent62271c4c9a1a4bea6c3de88019429d7f88c847ec (diff)
downloadffmpeg-dac56d9ce01eb9963f28f26b97a81db5cbd46c1c.tar.gz
qdm2: Check data block size for bytes to bits overflow.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org
-rw-r--r--libavcodec/qdm2.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index 91c47a8ec2..6acb7d8362 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1819,6 +1819,10 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
extradata += 4;
s->checksum_size = AV_RB32(extradata);
+ if (s->checksum_size >= 1U << 28) {
+ av_log(avctx, AV_LOG_ERROR, "data block size too large (%u)\n", s->checksum_size);
+ return AVERROR_INVALIDDATA;
+ }
s->fft_order = av_log2(s->fft_size) + 1;
s->fft_frame_size = 2 * s->fft_size; // complex has two floats