diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2017-05-13 23:21:24 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-05-13 23:22:22 +0200 |
commit | 8c5cd1c9d33b4b287f85d42efb1aecfaee31de6c (patch) | |
tree | c7d8134b5079e43b2aea26ffa4de0f076a578b4a /libavcodec | |
parent | 86b1b0d33dd7459f0d9c352c51ee2e374fd6f7fe (diff) | |
download | ffmpeg-8c5cd1c9d33b4b287f85d42efb1aecfaee31de6c.tar.gz |
avcodec/webp: Fix signedness in prefix_code check
Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/webp.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/webp.c b/libavcodec/webp.c index 8281cc45b4..50a8da1000 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -694,7 +694,7 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role, length = offset + get_bits(&s->gb, extra_bits) + 1; } prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb); - if (prefix_code > 39) { + if (prefix_code > 39U) { av_log(s->avctx, AV_LOG_ERROR, "distance prefix code too large: %d\n", prefix_code); return AVERROR_INVALIDDATA; |