[FFmpeg-cvslog] avcodec/scpr: make sure count and min are valid
Paul B Mahol
git at videolan.org
Fri Sep 7 16:11:56 EEST 2018
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Fri Sep 7 15:09:40 2018 +0200| [cc24665f4479af6eb49c05033bf2d6fbae8c1f83] | committer: Paul B Mahol
avcodec/scpr: make sure count and min are valid
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cc24665f4479af6eb49c05033bf2d6fbae8c1f83
---
libavcodec/scpr.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/scpr.c b/libavcodec/scpr.c
index ee6bf21b71..f1584355c0 100644
--- a/libavcodec/scpr.c
+++ b/libavcodec/scpr.c
@@ -529,7 +529,7 @@ static int decompress_p(AVCodecContext *avctx,
return ret;
max += temp << 8;
- if (min > max)
+ if (min > max || min >= s->nbcount)
return AVERROR_INVALIDDATA;
memset(s->blocks, 0, sizeof(*s->blocks) * s->nbcount);
@@ -541,6 +541,8 @@ static int decompress_p(AVCodecContext *avctx,
ret |= decode_value(s, s->count_model, 256, 20, &count);
if (ret < 0)
return ret;
+ if (count <= 0)
+ return AVERROR_INVALIDDATA;
while (min < s->nbcount && count-- > 0) {
s->blocks[min++] = fill;
More information about the ffmpeg-cvslog
mailing list