diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-06-04 12:29:16 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-06-04 12:29:25 +0200 |
| commit | acc665f22c5c2cb8a507c6ca49756995a4742038 (patch) | |
| tree | 436f81743d3a5dbc3d8be31743e27bb49e2a3d51 /libavcodec/kmvc.c | |
| parent | a55db1fc497dfa30e9f0596f8bb203f7645d17b7 (diff) | |
| parent | 4c223fe519174f0d7086f4698e9f7b9840cf15e9 (diff) | |
| download | ffmpeg-acc665f22c5c2cb8a507c6ca49756995a4742038.tar.gz | |
Merge remote-tracking branch 'qatar/release/0.5' into release/0.5
* qatar/release/0.5:
Bump version number for 0.5.9 release.
png: check bit depth for PAL8/Y400A pixel formats.
tqi: Pass errors from the MB decoder
eatqi: move "block" variable into context to ensure sufficient alignment for idct_put for compilers/architectures that can not align stack variables that much. This is also consistent with similar code in eatgq.c
ea: check chunk_size for validity.
vfwcap: Include windows.h before vfw.h since the latter requires defines from the former. Patch by kemuri <kemuri9 at gmail dot com>
mingw32: merge checks for mingw-w64 and mingw32-runtime >= 3.15 into one
mingw32: properly check if vfw capture is supported by the system headers
Replace every usage of -lvfw32 with what is particularly necessary for that case: Avisynth -> -lavifil32 VFW Cap -> -lavicap32 Patch by kemuri <kemuri9 at gmail dot com>
configure: properly check for mingw-w64 through installed headers. mingw-w64 can also target 32-bit code.
qdm2: clip array indices returned by qdm2_get_vlc().
kmvc: Check palsize.
adpcm: ADPCM Electronic Arts has always two channels
h264: Add check for invalid chroma_format_idc
dpcm: ignore extra unpaired bytes in stereo streams.
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/kmvc.c')
| -rw-r--r-- | libavcodec/kmvc.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libavcodec/kmvc.c b/libavcodec/kmvc.c index 30939ab411..69b5937668 100644 --- a/libavcodec/kmvc.c +++ b/libavcodec/kmvc.c @@ -33,6 +33,7 @@ #define KMVC_KEYFRAME 0x80 #define KMVC_PALETTE 0x40 #define KMVC_METHOD 0x0F +#define MAX_PALSIZE 256 /* * Decoder context @@ -43,7 +44,7 @@ typedef struct KmvcContext { int setpal; int palsize; - uint32_t pal[256]; + uint32_t pal[MAX_PALSIZE]; uint8_t *cur, *prev; uint8_t *frm0, *frm1; } KmvcContext; @@ -366,6 +367,10 @@ static av_cold int decode_init(AVCodecContext * avctx) c->palsize = 127; } else { c->palsize = AV_RL16(avctx->extradata + 10); + if (c->palsize >= MAX_PALSIZE) { + av_log(avctx, AV_LOG_ERROR, "KMVC palette too large\n"); + return AVERROR_INVALIDDATA; + } } if (avctx->extradata_size == 1036) { // palette in extradata |