aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorDale Curtis <dalecurtis@chromium.org>2017-11-17 16:05:30 -0800
committerMichael Niedermayer <michael@niedermayer.cc>2017-12-02 00:28:59 +0100
commitc09d587ac54d0ecb8190618fb867e9fd907e1359 (patch)
tree4f8c0907b2bb1b1dd5f4a435140bc280697751aa /libavcodec
parent712814fb17b62557d17d0bcff5b57e2a9d8e613c (diff)
downloadffmpeg-c09d587ac54d0ecb8190618fb867e9fd907e1359.tar.gz
Fix undefined shift on assumed 8-bit input.
decode_user_data() attempts to create an integer |build| value with 8 bits of spacing for 3 components. However each component is an int32_t, so shifting each component is undefined for values outside of the 8 bit range. This patch simply clamps input to 8-bits per component and prints out a warning that the values were clamped. Signed-off-by: Dale Curtis <dalecurtis@chromium.org> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 7010dd98b575d2e39fca947e609b85be7490b269) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/mpeg4videodec.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index cb2224a07b..d9d67b0fe4 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -2139,8 +2139,15 @@ static int decode_user_data(Mpeg4DecContext *ctx, GetBitContext *gb)
e = sscanf(buf, "FFmpeg v%d.%d.%d / libavcodec build: %d", &ver, &ver2, &ver3, &build);
if (e != 4) {
e = sscanf(buf, "Lavc%d.%d.%d", &ver, &ver2, &ver3) + 1;
- if (e > 1)
- build = (ver << 16) + (ver2 << 8) + ver3;
+ if (e > 1) {
+ if (ver > 0xFF || ver2 > 0xFF || ver3 > 0xFF) {
+ av_log(s->avctx, AV_LOG_WARNING,
+ "Unknown Lavc version string encountered, %d.%d.%d; "
+ "clamping sub-version values to 8-bits.\n",
+ ver, ver2, ver3);
+ }
+ build = ((ver & 0xFF) << 16) + ((ver2 & 0xFF) << 8) + (ver3 & 0xFF);
+ }
}
if (e != 4) {
if (strcmp(buf, "ffmpeg") == 0)