indeo5dec: Make sure we have had a valid gop header.

This prevents decoding happening on a half initialized context. Fixes CVE-2012-2779 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
author: Michael Niedermayer <michaelni@gmx.at> 2012-03-24 17:43:55 +0100
committer: Anton Khirnov <anton@khirnov.net> 2012-09-29 09:26:30 +0200
commit: 891918431db628db17885ed947ee387b29826a64 (patch)
tree: 3a16b786f3101ed011c9e18fc1f1f5ecef3e8115 /libavcodec/indeo5.c
parent: c20a69630619d14ae92c5541d52c579d7c8f3e94 (diff)
download: ffmpeg-891918431db628db17885ed947ee387b29826a64.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/libavcodec/indeo5.c b/libavcodec/indeo5.c
index 47437aecd4..4f8e0d8e96 100644
--- a/libavcodec/indeo5.c
+++ b/libavcodec/indeo5.c
@@ -304,8 +304,12 @@ static int decode_pic_hdr(IVI45DecContext *ctx, AVCodecContext *avctx)
     ctx->frame_num = get_bits(&ctx->gb, 8);
 
     if (ctx->frame_type == FRAMETYPE_INTRA) {
-        if (decode_gop_header(ctx, avctx))
-            return -1;
+        ctx->gop_invalid = 1;
+        if (decode_gop_header(ctx, avctx)) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid GOP header, skipping frames.\n");
+            return AVERROR_INVALIDDATA;
+        }
+        ctx->gop_invalid = 0;
     }
 
     if (ctx->frame_type != FRAMETYPE_NULL) {
author	Michael Niedermayer <michaelni@gmx.at>	2012-03-24 17:43:55 +0100
committer	Anton Khirnov <anton@khirnov.net>	2012-09-29 09:26:30 +0200
commit	891918431db628db17885ed947ee387b29826a64 (patch)
tree	3a16b786f3101ed011c9e18fc1f1f5ecef3e8115 /libavcodec/indeo5.c
parent	c20a69630619d14ae92c5541d52c579d7c8f3e94 (diff)
download	ffmpeg-891918431db628db17885ed947ee387b29826a64.tar.gz