[FFmpeg-cvslog] r8919 - trunk/libavcodec/h263.c
michael
subversion
Sun May 6 17:25:04 CEST 2007
Author: michael
Date: Sun May 6 17:25:04 2007
New Revision: 8919
Log:
fix possibly exploitable stack overflow with num_sprite_warping_points (found by reimar)
Modified:
trunk/libavcodec/h263.c
Modified: trunk/libavcodec/h263.c
==============================================================================
--- trunk/libavcodec/h263.c (original)
+++ trunk/libavcodec/h263.c Sun May 6 17:25:04 2007
@@ -5665,6 +5665,11 @@ static int decode_vol_header(MpegEncCont
skip_bits1(gb); /* marker */
}
s->num_sprite_warping_points= get_bits(gb, 6);
+ if(s->num_sprite_warping_points > 3){
+ av_log(s->avctx, AV_LOG_ERROR, "%d sprite_warping_points\n", s->num_sprite_warping_points);
+ s->num_sprite_warping_points= 0;
+ return -1;
+ }
s->sprite_warping_accuracy = get_bits(gb, 2);
s->sprite_brightness_change= get_bits1(gb);
if(s->vol_sprite_usage==STATIC_SPRITE)
More information about the ffmpeg-cvslog
mailing list