[FFmpeg-devel] [PATCH] oggparsedaala: check number of planes in pixel format map
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Tue Dec 29 17:09:49 CET 2015
This fixes crashes caused by out-of-bounds writes.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavformat/oggparsedaala.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavformat/oggparsedaala.c b/libavformat/oggparsedaala.c
index dda8d70..24567f9 100644
--- a/libavformat/oggparsedaala.c
+++ b/libavformat/oggparsedaala.c
@@ -130,6 +130,12 @@ static int daala_header(AVFormatContext *s, int idx)
hdr->fpr = bytestream2_get_byte(&gb);
hdr->format.planes = bytestream2_get_byte(&gb);
+ if (hdr->format.planes > 4) {
+ av_log(s, AV_LOG_ERROR,
+ "Invalid number of planes %d in daala pixel format map.\n",
+ hdr->format.planes);
+ return AVERROR_INVALIDDATA;
+ }
for (i = 0; i < hdr->format.planes; i++) {
hdr->format.xdec[i] = bytestream2_get_byte(&gb);
hdr->format.ydec[i] = bytestream2_get_byte(&gb);
--
2.6.4
More information about the ffmpeg-devel
mailing list