[FFmpeg-cvslog] dv: check stype
Michael Niedermayer
git at videolan.org
Thu Feb 2 02:46:24 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jan 24 17:48:23 2012 +0100| [635bcfccd439480003b74a665b5aa7c872c1ad6b] | committer: Alex Converse
dv: check stype
dv: check stype
Fixes part1 of CVE-2011-3929
Possibly fixes part of CVE-2011-3936
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Roman Shaposhnik <roman at shaposhnik.org>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
Signed-off-by: Alex Converse <alex.converse at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=635bcfccd439480003b74a665b5aa7c872c1ad6b
---
libavformat/dv.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/libavformat/dv.c b/libavformat/dv.c
index 4106dfd..c90ddec 100644
--- a/libavformat/dv.c
+++ b/libavformat/dv.c
@@ -204,6 +204,12 @@ static int dv_extract_audio_info(DVDemuxContext* c, uint8_t* frame)
stype = (as_pack[3] & 0x1f); /* 0 - 2CH, 2 - 4CH, 3 - 8CH */
quant = as_pack[4] & 0x07; /* 0 - 16bit linear, 1 - 12bit nonlinear */
+ if (stype > 3) {
+ av_log(c->fctx, AV_LOG_ERROR, "stype %d is invalid\n", stype);
+ c->ach = 0;
+ return 0;
+ }
+
/* note: ach counts PAIRS of channels (i.e. stereo channels) */
ach = ((int[4]){ 1, 0, 2, 4})[stype];
if (ach == 1 && quant && freq == 2)
More information about the ffmpeg-cvslog
mailing list