[FFmpeg-devel] [PATCH 1/2] avcodec/dvdsubdec: error on bitmaps with size 0

Wed, 07 Jan 2015 14:58:38 -0800 

Attemtping to decode them could lead to invalid writes with some fuzzed
samples.
---
 libavcodec/dvdsubdec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavcodec/dvdsubdec.c b/libavcodec/dvdsubdec.c
index 2423cad..1cc34ea 100644
--- a/libavcodec/dvdsubdec.c
+++ b/libavcodec/dvdsubdec.c
@@ -111,6 +111,9 @@ static int decode_rle(uint8_t *bitmap, int linesize, int w, 
int h,
     if (start >= buf_size)
         return -1;
 
+    if (w <= 0 || h <= 0)
+        return -1;
+
     bit_len = (buf_size - start) * 8;
     init_get_bits(&gb, buf + start, bit_len);
 
-- 
2.1.4

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to