[FFmpeg-cvslog] avcodec/g2meet: Check R/G/B values in epic_decode_pixel_pred()

Michael Niedermayer git at videolan.org
Fri Jul 10 19:01:59 CEST 2015


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Fri Jul 10 16:54:51 2015 +0200| [b1e242bc565665420661e016127fe07b4b615ecb] | committer: Michael Niedermayer

avcodec/g2meet: Check R/G/B values in epic_decode_pixel_pred()

Fixes: asan_double-free_d34593_861_smp3.wmv

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b1e242bc565665420661e016127fe07b4b615ecb
---

 libavcodec/g2meet.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index b952adb..22efd75 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -555,6 +555,11 @@ static uint32_t epic_decode_pixel_pred(ePICContext *dc, int x, int y,
         B     = ((pred >> B_shift) & 0xFF) - TOSIGNED(delta);
     }
 
+    if (R<0 || G<0 || B<0) {
+        av_log(NULL, AV_LOG_ERROR, "RGB %d %d %d is out of range\n", R, G, B);
+        return 0;
+    }
+
     return (R << R_shift) | (G << G_shift) | (B << B_shift);
 }
 
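Review bot: The added check in epic_decode_pixel_pred() rejects only negative R/G/B and leaves the upper bound unchecked. The context line just above computes B as `((pred >> B_shift) & 0xFF) - TOSIGNED(delta)`, so if TOSIGNED(delta) can be negative the result can exceed 0xFF, and `(B << B_shift)` in the packed return value would then carry bits into the neighbouring channel. Unless the range is guaranteed elsewhere, bound both sides, for example `if (R < 0 || G < 0 || B < 0 || R > 255 || G > 255 || B > 255)`. Two smaller points on the same lines: `return 0;` from a function returning uint32_t is indistinguishable from a validly decoded all-zero pixel, so the caller cannot tell that the input was rejected and may keep decoding a corrupt stream; and `av_log(NULL, ...)` discards the logging context, so the message cannot be tied to a decoder instance. A short comment saying why negative values are invalid here would also help, since the commit message names only the ASAN sample.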


