[FFmpeg-cvslog] avcodec/mpeg4videodec: Check P cbpy
Michael Niedermayer
git at videolan.org
Sat Jul 11 00:30:17 CEST 2015
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Sat Jul 11 00:05:40 2015 +0200| [c06e556274446a45efab34745c05049033389260] | committer: Michael Niedermayer
avcodec/mpeg4videodec: Check P cbpy
Fixes undefined behavior
Fixes: signal_sigsegv_c3097a_991_xtrem_e2_m64q15_a32sxx.3gp
Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c06e556274446a45efab34745c05049033389260
---
libavcodec/mpeg4videodec.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index cb2a502..2234e37 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -1354,6 +1354,11 @@ static int mpeg4_decode_mb(MpegEncContext *s, int16_t block[6][64])
else
s->mcsel = 0;
cbpy = get_vlc2(&s->gb, ff_h263_cbpy_vlc.table, CBPY_VLC_BITS, 1) ^ 0x0F;
+ if (cbpy < 0) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "P cbpy damaged at %d %d\n", s->mb_x, s->mb_y);
+ return AVERROR_INVALIDDATA;
+ }
cbp = (cbpc & 3) | (cbpy << 2);
if (dquant)
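Review bot: The new `if (cbpy < 0)` test runs on the value after `^ 0x0F` has been applied, so it catches a failed `get_vlc2()` lookup only because XOR with 0x0F leaves the sign bit unchanged; a one-line comment saying so, or testing the raw return value before the XOR, would make that dependency explicit. The commit message says "Fixes undefined behavior" without naming it; judging by the context line `cbp = (cbpc & 3) | (cbpy << 2);` it is presumably the left shift of a negative `cbpy`, and stating that in the message would help anyone auditing other places where a VLC result is shifted before being validated.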