[FFmpeg-devel] [PATCH 1/2] avcodec/anm: Check extradata length before allocating frame

Peter Ross pross at xvid.org
Sun May 31 05:44:00 EEST 2020


On Sat, May 30, 2020 at 06:32:59AM +0200, Andreas Rheinhardt wrote:
> Then one doesn't need to free the frame in case the length turns out to
> be insufficient.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
> ---
>  libavcodec/anm.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/libavcodec/anm.c b/libavcodec/anm.c
> index cd1fcc5998..e9b19d880d 100644
> --- a/libavcodec/anm.c
> +++ b/libavcodec/anm.c
> @@ -40,6 +40,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
>      AnmContext *s = avctx->priv_data;
>      int i;
>  
> +    if (avctx->extradata_size < 16 * 8 + 4 * 256)
> +        return AVERROR_INVALIDDATA;
> +
>      avctx->pix_fmt = AV_PIX_FMT_PAL8;
>  
>      s->frame = av_frame_alloc();
> @@ -47,11 +50,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
>          return AVERROR(ENOMEM);
>  
>      bytestream2_init(&s->gb, avctx->extradata, avctx->extradata_size);
> -    if (bytestream2_get_bytes_left(&s->gb) < 16 * 8 + 4 * 256) {
> -        av_frame_free(&s->frame);
> -        return AVERROR_INVALIDDATA;
> -    }
> -
>      bytestream2_skipu(&s->gb, 16 * 8);
>      for (i = 0; i < 256; i++)
>          s->palette[i] = (0xFFU << 24) | bytestream2_get_le32u(&s->gb);
> -- 
> 2.20.1

ok.

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200531/3d1173ad/attachment.sig>


More information about the ffmpeg-devel mailing list