diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-11-14 00:01:56 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-11-14 00:03:42 +0100 |
| commit | 2f74f8d7dce2baff3a4401130a8e479c2899fd16 (patch) | |
| tree | 3fdfeb4988d5f4ea9f46f0885682ed00891d2042 /libavcodec/imc.c | |
| parent | 1f1960519a1700985b5f645a2950c10581f78a73 (diff) | |
| download | ffmpeg-2f74f8d7dce2baff3a4401130a8e479c2899fd16.tar.gz | |
imc: sanity check scalefactors.
This fixes undefined behavior
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/imc.c')
| -rw-r--r-- | libavcodec/imc.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/libavcodec/imc.c b/libavcodec/imc.c index fff4b90ee7..fdf8e2cb28 100644 --- a/libavcodec/imc.c +++ b/libavcodec/imc.c @@ -805,6 +805,13 @@ static int imc_decode_block(AVCodecContext *avctx, IMCContext *q, int ch) imc_decode_level_coefficients2(q, chctx->levlCoeffBuf, chctx->old_floor, chctx->flcoeffs1, chctx->flcoeffs2); + for(i=0; i<BANDS; i++) { + if(chctx->flcoeffs1[i] > INT_MAX) { + av_log(avctx, AV_LOG_ERROR, "scalefactor out of range\n"); + return AVERROR_INVALIDDATA; + } + } + memcpy(chctx->old_floor, chctx->flcoeffs1, 32 * sizeof(float)); counter = 0; |