[FFmpeg-devel] [PATCH] escape124: reject codebook size 0
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Wed Nov 9 01:42:16 EET 2016
It causes a cb_depth of 32, leading to assertion failures in get_bits.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavcodec/escape124.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/escape124.c b/libavcodec/escape124.c
index b872b3a..c3174ce 100644
--- a/libavcodec/escape124.c
+++ b/libavcodec/escape124.c
@@ -249,6 +249,10 @@ static int escape124_decode_frame(AVCodecContext *avctx,
// This codebook can be cut off at places other than
// powers of 2, leaving some of the entries undefined.
cb_size = get_bits_long(&gb, 20);
+ if (!cb_size) {
+ av_log(avctx, AV_LOG_ERROR, "Invalid codebook size 0.\n");
+ return AVERROR_INVALIDDATA;
+ }
cb_depth = av_log2(cb_size - 1) + 1;
} else {
cb_depth = get_bits(&gb, 4);
--
2.10.2
More information about the ffmpeg-devel
mailing list