[FFmpeg-devel] [PATCH 2/2] avcodec/encode: Check nb_colors

[Michael Niedermayer]

Fixes: integer overflow

No testcase

Found-by: 김승호 <kimsho98 at naver.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
 libavcodec/encode.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/encode.c b/libavcodec/encode.c
index 72dfa8867ab..6a7781336f2 100644
--- a/libavcodec/encode.c
+++ b/libavcodec/encode.c
@@ -197,6 +197,12 @@ int avcodec_encode_subtitle(AVCodecContext *avctx, uint8_t *buf, int buf_size,
         return -1;
     }
 
+    for (int i = 0; i<sub->num_rects; i++)
+        if (sub->rects[i]->nb_colors > 256) {
+            av_log(avctx, AV_LOG_ERROR, "nb_colors %d in rect %d is too large\n", sub->rects[i]->nb_colors, i);
+            return AVERROR_PATCHWELCOME;
+        }
+
     ret = ffcodec(avctx->codec)->cb.encode_sub(avctx, buf, buf_size, sub);
     avctx->frame_num++;
     return ret;
-- 
2.49.0