decode_user_data() attempts to create an integer |build|
value with 8 bits of spacing for 3 components. However
each component is an int32_t, so shifting each component
is undefined for values outside of the 8 bit range.
This patch simply clamps input to 8-bits per component.
Signed-off-by: Dale Curtis <dalecur...@chromium.org>
From 0373fed23fb495161267607230e99c8ed36e444a Mon Sep 17 00:00:00 2001
From: Dale Curtis <dalecur...@chromium.org>
Date: Fri, 17 Nov 2017 16:05:30 -0800
Subject: [PATCH] [mpeg4video] Fix undefined shift on assumed 8-bit input.
decode_user_data() attempts to create an integer |build|
value with 8 bits of spacing for 3 components. However
each component is an int32_t, so shifting each component
is undefined for values outside of the 8 bit range.
This patch simply clamps input to 8-bits per component.
Signed-off-by: Dale Curtis <dalecur...@chromium.org>
---
libavcodec/mpeg4videodec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index 76247c3b8c..93fa1d9973 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -2154,7 +2154,7 @@ static int decode_user_data(Mpeg4DecContext *ctx, GetBitContext *gb)
if (e != 4) {
e = sscanf(buf, "Lavc%d.%d.%d", &ver, &ver2, &ver3) + 1;
if (e > 1)
- build = (ver << 16) + (ver2 << 8) + ver3;
+ build = ((ver & 0xFF) << 16) + ((ver2 & 0xFF) << 8) + (ver3 & 0xFF);
}
if (e != 4) {
if (strcmp(buf, "ffmpeg") == 0)
--
2.15.0.448.gf294e3d99a-goog
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
