[FFmpeg-devel] [PATCH] clamp theora filter_limit_values

Reimar Döffinger Reimar.Doeffinger
Sun Jul 5 10:04:18 CEST 2009


Hello,
this fixes an out-of-bounds write in init_loop_filter with
ogv/smclock.ogv.1.84.ogv from issue 1240.
My patch would just limit the filter limit values read from the file to 64,
which avoids the issue. If larger values are allowed, e.g. the size of
the bounding_values_array would have to be increased.
Index: vp3.c
===================================================================
--- vp3.c       (revision 19346)
+++ vp3.c       (working copy)
@@ -2164,8 +2165,13 @@
     if (s->theora >= 0x030200) {
         n = get_bits(gb, 3);
         /* loop filter limit values table */
-        for (i = 0; i < 64; i++)
+        for (i = 0; i < 64; i++) {
             s->filter_limit_values[i] = get_bits(gb, n);
+            if (s->filter_limit_values[i] > 64) {
+                av_log(avctx, AV_LOG_ERROR, "filter limit value too large (%i > 64), clamping\n", s->filter_limit_values[i]);
+                s->filter_limit_values[i] = 64;
+            }
+        }
     }
 
     if (s->theora >= 0x030200)
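Review bot: the bound 64 is hard-coded three times in this hunk (the comparison, the log message and the clamped value), while the cover letter says the real constraint is the size of bounding_values_array; derive the limit from that array (a named constant or sizeof-based expression) so the check cannot drift if the array is ever resized, as the cover letter anticipates. Since the decoder continues after clamping, AV_LOG_WARNING would also describe the situation more accurately than AV_LOG_ERROR, and the av_log line is long enough to be worth wrapping per the surrounding code style.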
