Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/mpc-hc/FFmpeg.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libavcodec/mss1.c
diff options
context:
space:
mode:
authorPaul B Mahol <onemda@gmail.com>2012-06-26 02:45:08 +0400
committerPaul B Mahol <onemda@gmail.com>2012-06-26 03:07:18 +0400
commite3c26705392e462fabf54366fbad3dbf6ec832d1 (patch)
tree358131ca3e99584554ed3be5e07aea44ba370851 /libavcodec/mss1.c
parent8a0cd58729364c7d8cf4361aa586f3d0dc43ebb4 (diff)
mss1: check number of free colours
Prevents out of array write. Signed-off-by: Paul B Mahol <onemda@gmail.com>
Diffstat (limited to 'libavcodec/mss1.c')
-rw-r--r--libavcodec/mss1.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/libavcodec/mss1.c b/libavcodec/mss1.c
index b9e32331ab..dfddbd97ec 100644
--- a/libavcodec/mss1.c
+++ b/libavcodec/mss1.c
@@ -783,6 +783,10 @@ static av_cold int mss1_decode_init(AVCodecContext *avctx)
av_log(avctx, AV_LOG_DEBUG, "Encoder version %d.%d\n",
AV_RB32(avctx->extradata + 4), AV_RB32(avctx->extradata + 8));
c->free_colours = AV_RB32(avctx->extradata + 48);
+ if (c->free_colours < 0 || c->free_colours > 256) {
+ av_log(avctx, AV_LOG_ERROR, "Invalid free colours %d\n", c->free_colours);
+ return AVERROR_INVALIDDATA;
+ }
av_log(avctx, AV_LOG_DEBUG, "%d free colour(s)\n", c->free_colours);
avctx->coded_width = AV_RB32(avctx->extradata + 20);
avctx->coded_height = AV_RB32(avctx->extradata + 24);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 00:10:36 +0300