[FFmpeg-cvslog] shorten: validate block size

[Justin Ruggles]

ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Fri Sep 16 15:31:31 2011 -0400| [cfa317f67d023443c8f097524b367ec9c48f5c81] | committer: Justin Ruggles

shorten: validate block size

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cfa317f67d023443c8f097524b367ec9c48f5c81
---

 libavcodec/shorten.c |   17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 2502587..3f06e57 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -330,8 +330,16 @@ static int read_header(ShortenContext *s)
 
     /* get blocksize if version > 0 */
     if (s->version > 0) {
-        int skip_bytes;
-        s->blocksize = get_uint(s, av_log2(DEFAULT_BLOCK_SIZE));
+        int skip_bytes, blocksize;
+
+        blocksize = get_uint(s, av_log2(DEFAULT_BLOCK_SIZE));
+        if (!blocksize || blocksize > MAX_BLOCKSIZE) {
+            av_log(s->avctx, AV_LOG_ERROR, "invalid or unsupported block size: %d\n",
+                   blocksize);
+            return AVERROR(EINVAL);
+        }
+        s->blocksize = blocksize;
+
         maxnlpc = get_uint(s, LPCQSIZE);
         s->nmean = get_uint(s, 0);
 
@@ -456,6 +464,11 @@ static int shorten_decode_frame(AVCodecContext *avctx,
                         av_log(avctx, AV_LOG_ERROR, "Increasing block size is not supported\n");
                         return AVERROR_PATCHWELCOME;
                     }
+                    if (!blocksize || blocksize > MAX_BLOCKSIZE) {
+                        av_log(avctx, AV_LOG_ERROR, "invalid or unsupported "
+                               "block size: %d\n", blocksize);
+                        return AVERROR(EINVAL);
+                    }
                     s->blocksize = blocksize;
                     break;
                 }