[FFmpeg-cvslog] avcodec/dvdsubdec: error on bitmaps with size 0
wm4
git at videolan.org
Tue Jan 20 03:36:13 CET 2015
ffmpeg | branch: release/2.2 | wm4 <nfxjfg at googlemail.com> | Wed Jan 7 23:57:50 2015 +0100| [b76dc8b5b8f7a637b3232329d574a42af35878ca] | committer: Michael Niedermayer
avcodec/dvdsubdec: error on bitmaps with size 0
Attemtping to decode them could lead to invalid writes with some fuzzed
samples.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit bcaa9099b3648b47060e1724a97dc98b63c83702)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b76dc8b5b8f7a637b3232329d574a42af35878ca
---
libavcodec/dvdsubdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 0fcf0fb..122a4c7 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -108,6 +108,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h,
if (start >= buf_size)
return -1;
+ if (w <= 0 || h <= 0)
+ return -1;
+
bit_len = (buf_size - start) * 8;
init_get_bits(&gb, buf + start, bit_len);
More information about the ffmpeg-cvslog
mailing list