[FFmpeg-devel] [PATCH 4/7] Check for invalid/corrupted bitstream in sun raster decoder.

Michael Niedermayer michaelni at gmx.at
Wed Sep 28 00:52:58 CEST 2011


On Wed, Sep 28, 2011 at 12:35:58AM +0200, Laurent Aimar wrote:
> > > diff --git a/libavcodec/sunrast.c b/libavcodec/sunrast.c
> > > index 57b0734..494af5d 100644
> > > --- a/libavcodec/sunrast.c
> > > +++ b/libavcodec/sunrast.c
> > > @@ -68,21 +68,29 @@ static int sunrast_decode_frame(AVCodecContext *avctx, void *data,
> > >      type      = AV_RB32(buf+20);
> > >      maptype   = AV_RB32(buf+24);
> > >      maplength = AV_RB32(buf+28);
> > > +    buf += 32;
> > >  
> > > -    if (type == RT_FORMAT_TIFF || type == RT_FORMAT_IFF) {
> > > -        av_log(avctx, AV_LOG_ERROR, "unsupported (compression) type\n");
> > > +    if (type < RT_OLD || type > RT_FORMAT_IFF) {
> > > +        av_log(avctx, AV_LOG_ERROR, "invalid (compression) type\n");
> > >          return -1;
> > >      }
> > > -    if (type > RT_FORMAT_IFF) {
> > > -        av_log(avctx, AV_LOG_ERROR, "invalid (compression) type\n");
> > > +    if (av_image_check_size(w, h, 0, avctx)) {
> > > +        av_log(avctx, AV_LOG_ERROR, "invalid image size\n");
> > >          return -1;
> > >      }
> > >      if (maptype & ~1) {
> > >          av_log(avctx, AV_LOG_ERROR, "invalid colormap type\n");
> > >          return -1;
> > >      }
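Review bot: the new range check `type < RT_OLD || type > RT_FORMAT_IFF` accepts RT_FORMAT_TIFF and RT_FORMAT_IFF, which the removed lines rejected with "unsupported (compression) type". Nothing visible in this hunk shows those two types being handled or rejected further down, so either keep an explicit rejection for them next to the range check or point to where the decoder now deals with them. Separately, `buf += 32` moves the pointer past the header before any of the new checks run; the lines that would verify the input is at least 32 bytes long are outside this hunk, so it is worth confirming that the check exists and still refers to the right offset after this change.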
> > 
> > > +    if (maplength < 0) {
> > > +        av_log(avctx, AV_LOG_ERROR, "invalid map length\n");
> > > +        return -1;
> > > +    }
> > 
> > This seems impossible, maplength is unsigned
> You are right, I misread it.
> Patch attached.
> 
> -- 
> fenrir

>  sunrast.c |   16 +++++++++-------
>  1 file changed, 9 insertions(+), 7 deletions(-)
> 7e45e6b15cdf4d7fc66dbd03364f9dee5a97a7a6  0001-Check-for-invalid-corrupted-bitstream-in-sun-raster-.patch
> From 18391aa1299dbbdb8670b483cb37a2e9ca7f0018 Mon Sep 17 00:00:00 2001
> From: Laurent Aimar <fenrir at videolan.org>
> Date: Tue, 27 Sep 2011 21:24:03 +0200
> Subject: [PATCH 1/5] Check for invalid/corrupted bitstream in sun raster decoder.

applied, thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Complexity theory is the science of finding the exact solution to an
approximation. Benchmarking OTOH is finding an approximation of the exact