generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

kvmc: Check palsize.

Browse Source 
Fixes: CVE-2011-3952

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-01-26 17:30:49 +01:00
parent 1860c66c54
commit 70dba1e3c8
1 changed files with 5 additions and 0 deletions

5
libavcodec/kmvc.c

@ -380,6 +380,11 @@ static av_cold int decode_init(AVCodecContext * avctx)
c->palsize = 127; c->palsize = 127;
} else { } else {
c->palsize = AV_RL16(avctx->extradata + 10); c->palsize = AV_RL16(avctx->extradata + 10);
if (c->palsize > 255U) {
c->palsize = 127;
av_log(NULL, AV_LOG_ERROR, "palsize too big\n");
return -1;
}
} }
if (avctx->extradata_size == 1036) { // palette in extradata if (avctx->extradata_size == 1036) { // palette in extradata