[FFmpeg-cvslog] smacker: add sanity check for length in smacker_decode_tree()

Michael Niedermayer git at videolan.org
Thu Jun 21 19:49:41 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Jun 21 16:01:52 2012 +0200| [b829da363985cb2f80130bba304cc29a632f6446] | committer: Michael Niedermayer

smacker: add sanity check for length in smacker_decode_tree()

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b829da363985cb2f80130bba304cc29a632f6446
---

 libavcodec/smacker.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index c177510..0179420 100644
--- a/libavcodec/smacker.c
+++ b/libavcodec/smacker.c
@@ -96,6 +96,10 @@ enum SmkBlockTypes {
  */
 static int smacker_decode_tree(GetBitContext *gb, HuffContext *hc, uint32_t prefix, int length)
 {
+    if(length > 32) {
+        av_log(NULL, AV_LOG_ERROR, "length too long\n");
+        return -1;
+    }
     if(!get_bits1(gb)){ //Leaf
         if(hc->current >= 256){
             av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");



More information about the ffmpeg-cvslog mailing list