On Mon, Mar 02, 2015 at 08:58:45PM +0100, Andreas Cadhalpun wrote: > Hi, > > according to the WebP Lossless Bitstream Specification [1] the > highest allowed value for the prefix code is 39. Attached patch adds > a check for this to avoid crashes decoding broken files. > > Best regards, > Andreas > > > 1: > https://developers.google.com/speed/webp/docs/webp_lossless_bitstream_specification#4_image_data >
> webp.c | 5 +++++ > 1 file changed, 5 insertions(+) > 43adf54378f715b26fd69e5e9e7919707e51ae66 > 0001-avcodec-webp-validate-the-distance-prefix-code.patch > From a33b82acc6ab16e1aafaa44d3258d5177dff2cb0 Mon Sep 17 00:00:00 2001 > From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > Date: Mon, 2 Mar 2015 20:47:57 +0100 > Subject: [PATCH] avcodec/webp: validate the distance prefix code > > According to the WebP Lossless Bitstream Specification the highest > allowed value for a prefix code is 39. > > If prefix_code is too large, the calculated extra_bits has an invalid > value and triggers an assertion in get_bits. applied thanks [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Freedom in capitalist society always remains about the same as it was in ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
