[FFmpeg-devel] [PATCH 1/2] avcodec/dvdsubdec: error on bitmaps with size 0
wm4
nfxjfg at googlemail.com
Wed Jan 7 23:57:50 CET 2015
Attemtping to decode them could lead to invalid writes with some fuzzed
samples.
---
libavcodec/dvdsubdec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 2423cad..1cc34ea 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -111,6 +111,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, int h,
if (start >= buf_size)
return -1;
+ if (w <= 0 || h <= 0)
+ return -1;
+
bit_len = (buf_size - start) * 8;
init_get_bits(&gb, buf + start, bit_len);
--
2.1.4
More information about the ffmpeg-devel
mailing list