ffmpeg | branch: master | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Tue Dec 29 16:38:26 2015 +0100| [b4466c9c1a82ce72011ed72e1221a30b15f73adb] | committer: Andreas Cadhalpun
oggparsedaala: check number of planes in pixel format map This fixes crashes caused by out-of-bounds writes. Reviewed-by: Rostislav Pehlivanov <atomnu...@gmail.com> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b4466c9c1a82ce72011ed72e1221a30b15f73adb --- libavformat/oggparsedaala.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libavformat/oggparsedaala.c b/libavformat/oggparsedaala.c index dda8d70..24567f9 100644 --- a/libavformat/oggparsedaala.c +++ b/libavformat/oggparsedaala.c @@ -130,6 +130,12 @@ static int daala_header(AVFormatContext *s, int idx) hdr->fpr = bytestream2_get_byte(&gb); hdr->format.planes = bytestream2_get_byte(&gb); + if (hdr->format.planes > 4) { + av_log(s, AV_LOG_ERROR, + "Invalid number of planes %d in daala pixel format map.\n", + hdr->format.planes); + return AVERROR_INVALIDDATA; + } for (i = 0; i < hdr->format.planes; i++) { hdr->format.xdec[i] = bytestream2_get_byte(&gb); hdr->format.ydec[i] = bytestream2_get_byte(&gb); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
