[FFmpeg-cvslog] imc: sanity check scalefactors.
    Michael Niedermayer 
    git at videolan.org
       
    Wed Nov 14 00:07:09 CET 2012
    
    
  
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Nov 14 00:01:56 2012 +0100| [2f74f8d7dce2baff3a4401130a8e479c2899fd16] | committer: Michael Niedermayer
imc: sanity check scalefactors.
This fixes undefined behavior
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2f74f8d7dce2baff3a4401130a8e479c2899fd16
---
 libavcodec/imc.c |    7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/libavcodec/imc.c b/libavcodec/imc.c
index fff4b90..fdf8e2c 100644
--- a/libavcodec/imc.c
+++ b/libavcodec/imc.c
@@ -805,6 +805,13 @@ static int imc_decode_block(AVCodecContext *avctx, IMCContext *q, int ch)
         imc_decode_level_coefficients2(q, chctx->levlCoeffBuf, chctx->old_floor,
                                        chctx->flcoeffs1, chctx->flcoeffs2);
 
+    for(i=0; i<BANDS; i++) {
+        if(chctx->flcoeffs1[i] > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "scalefactor out of range\n");
+            return AVERROR_INVALIDDATA;
+        }
+    }
+
     memcpy(chctx->old_floor, chctx->flcoeffs1, 32 * sizeof(float));
 
     counter = 0;
    
    
More information about the ffmpeg-cvslog
mailing list