aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2012-11-14 00:01:56 +0100
committerMichael Niedermayer <michaelni@gmx.at>2012-11-14 00:03:42 +0100
commit2f74f8d7dce2baff3a4401130a8e479c2899fd16 (patch)
tree3fdfeb4988d5f4ea9f46f0885682ed00891d2042 /libavcodec
parent1f1960519a1700985b5f645a2950c10581f78a73 (diff)
downloadffmpeg-2f74f8d7dce2baff3a4401130a8e479c2899fd16.tar.gz
imc: sanity check scalefactors.
This fixes undefined behavior Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/imc.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/libavcodec/imc.c b/libavcodec/imc.c
index fff4b90ee7..fdf8e2cb28 100644
--- a/libavcodec/imc.c
+++ b/libavcodec/imc.c
@@ -805,6 +805,13 @@ static int imc_decode_block(AVCodecContext *avctx, IMCContext *q, int ch)
imc_decode_level_coefficients2(q, chctx->levlCoeffBuf, chctx->old_floor,
chctx->flcoeffs1, chctx->flcoeffs2);
+ for(i=0; i<BANDS; i++) {
+ if(chctx->flcoeffs1[i] > INT_MAX) {
+ av_log(avctx, AV_LOG_ERROR, "scalefactor out of range\n");
+ return AVERROR_INVALIDDATA;
+ }
+ }
+
memcpy(chctx->old_floor, chctx->flcoeffs1, 32 * sizeof(float));
counter = 0;