From: Michael Niedermayer Date: Sun, 6 May 2007 15:25:04 +0000 (+0000) Subject: fix possibly exploitable stack overflow with num_sprite_warping_points (found by... X-Git-Tag: v0.5~9100 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=beac8235b92cdd322266e1709fbfe6f9e945e031;p=platform%2Fupstream%2Flibav.git fix possibly exploitable stack overflow with num_sprite_warping_points (found by reimar) Originally committed as revision 8919 to svn://svn.ffmpeg.org/ffmpeg/trunk --- diff --git a/libavcodec/h263.c b/libavcodec/h263.c index 4db89e9..e2ac5fc 100644 --- a/libavcodec/h263.c +++ b/libavcodec/h263.c @@ -5665,6 +5665,11 @@ static int decode_vol_header(MpegEncContext *s, GetBitContext *gb){ skip_bits1(gb); /* marker */ } s->num_sprite_warping_points= get_bits(gb, 6); + if(s->num_sprite_warping_points > 3){ + av_log(s->avctx, AV_LOG_ERROR, "%d sprite_warping_points\n", s->num_sprite_warping_points); + s->num_sprite_warping_points= 0; + return -1; + } s->sprite_warping_accuracy = get_bits(gb, 2); s->sprite_brightness_change= get_bits1(gb); if(s->vol_sprite_usage==STATIC_SPRITE)