On Wed, Nov 09, 2016 at 01:11:29AM +0100, Andreas Cadhalpun wrote:
> Otherwise put_bits can be called with a value that doesn't fit in the
> sample_len, causing an assertion failure.
> ---
> libavcodec/pnmdec.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/libavcodec/pnmdec.c b/libavcodec/pnmdec.c
> index ca97cc3..0381ea6 100644
> --- a/libavcodec/pnmdec.c
> +++ b/libavcodec/pnmdec.c
> @@ -145,6 +145,10 @@ static int pnm_decode_frame(AVCodecContext *avctx, void
> *data,
> /* read a sequence of digits */
> do {
> v = 10*v + c;
> + if (v > s->maxval) {
> + av_log(avctx, AV_LOG_ERROR, "value %d larger
> than maxval %d\n", v, s->maxval);
> + return AVERROR_INVALIDDATA;
> + }indention is a bit noisy i think it can overflow if maxval is large, it would be faster to check outside the loop [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I do not agree with what you have to say, but I'll defend to the death your right to say it. -- Voltaire
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
