[FFmpeg-devel] [PATCH] pnmdec: make sure v is capped by maxval

Andreas Cadhalpun Tue, 08 Nov 2016 16:11:51 -0800

Otherwise put_bits can be called with a value that doesn't fit in the
sample_len, causing an assertion failure.
---
 libavcodec/pnmdec.c | 4 ++++
 1 file changed, 4 insertions(+)


diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
index ca97cc3..0381ea6 100644
--- a/libavcodec/pnmdec.c
+++ b/libavcodec/pnmdec.c
@@ -145,6 +145,10 @@ static int pnm_decode_frame(AVCodecContext *avctx, void 
*data,
                         /* read a sequence of digits */
                         do {
                             v = 10*v + c;
+                             if (v > s->maxval) {
+                                av_log(avctx, AV_LOG_ERROR, "value %d larger 
than maxval %d\n", v, s->maxval);
+                                return AVERROR_INVALIDDATA;
+                            }
                             c = (*s->bytestream++) - '0';
                         } while (c <= 9);
                     }
-- 
2.10.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] pnmdec: make sure v is capped by maxval

Reply via email to