[FFmpeg-cvslog] webp: validate the distance prefix code
Andreas Cadhalpun
git at videolan.org
Thu Mar 5 20:08:07 CET 2015
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Mon Mar 2 20:47:57 2015 +0100| [4f2ee9daeedec636fb4fe953a1e0990a7102d5eb] | committer: Anton Khirnov
webp: validate the distance prefix code
According to the WebP Lossless Bitstream Specification the highest
allowed value for a prefix code is 39.
If prefix_code is too large, the calculated extra_bits has an invalid
value and triggers an assertion in get_bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
Signed-off-by: Anton Khirnov <anton at khirnov.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f2ee9daeedec636fb4fe953a1e0990a7102d5eb
---
libavcodec/webp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index b98fa4d..58f7810 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -688,6 +688,11 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role,
length = offset + get_bits(&s->gb, extra_bits) + 1;
}
prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
+ if (prefix_code > 39) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "distance prefix code too large: %d\n", prefix_code);
+ return AVERROR_INVALIDDATA;
+ }
if (prefix_code < 4) {
distance = prefix_code + 1;
} else {
More information about the ffmpeg-cvslog
mailing list