[FFmpeg-cvslog] avcodec/diracdec: Tighter checks on CODEBLOCKS_X/Y

Michael Niedermayer git at videolan.org
Sat Nov 1 15:58:22 CET 2014


ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Tue Oct 28 01:23:40 2014 +0100| [81e1b5f5fe5b1200bd6baf48769999f6631af590] | committer: Michael Niedermayer

avcodec/diracdec: Tighter checks on CODEBLOCKS_X/Y

Fixes very long but finite loop
Fixes: asan_heap-oob_107866c_42_041.drc
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 5145d22b88b9835db81c4d286b931a78e08ab76a)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=81e1b5f5fe5b1200bd6baf48769999f6631af590
---

 libavcodec/diracdec.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/diracdec.c b/libavcodec/diracdec.c
index c4e9751..5579dfb 100644
--- a/libavcodec/diracdec.c
+++ b/libavcodec/diracdec.c
@@ -1002,8 +1002,8 @@ static int dirac_unpack_idwt_params(DiracContext *s)
         /* Codeblock parameters (core syntax only) */
         if (get_bits1(gb)) {
             for (i = 0; i <= s->wavelet_depth; i++) {
-                CHECKEDREAD(s->codeblock[i].width , tmp < 1, "codeblock width invalid\n")
-                CHECKEDREAD(s->codeblock[i].height, tmp < 1, "codeblock height invalid\n")
+                CHECKEDREAD(s->codeblock[i].width , tmp < 1 || tmp > (s->avctx->width >>s->wavelet_depth-i), "codeblock width invalid\n")
+                CHECKEDREAD(s->codeblock[i].height, tmp < 1 || tmp > (s->avctx->height>>s->wavelet_depth-i), "codeblock height invalid\n")
             }
 
             CHECKEDREAD(s->codeblock_mode, tmp > 1, "unknown codeblock mode\n")



More information about the ffmpeg-cvslog mailing list