generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

webp: validate the distance prefix code

Browse Source 
According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.

If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Andreas Cadhalpun
2015-03-02 20:47:57 +01:00
committed by Vittorio Giovara
parent 772f50c1f3
commit 61c966ef30
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/webp.c
View File

@@ -684,6 +684,11 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role,
length = offset + get_bits(&s->gb, extra_bits) + 1;
}
prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
if (prefix_code > 39) {
av_log(s->avctx, AV_LOG_ERROR,
"distance prefix code too large: %d\n", prefix_code);
return AVERROR_INVALIDDATA;
}
if (prefix_code < 4) {
distance = prefix_code + 1;
} else {