mirror of https://git.ffmpeg.org/ffmpeg.git
webp: validate the distance prefix code
According to the WebP Lossless Bitstream Specification the highest allowed value for a prefix code is 39. If prefix_code is too large, the calculated extra_bits has an invalid value and triggers an assertion in get_bits. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
parent
66624ed631
commit
4f2ee9daee
|
@ -688,6 +688,11 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role,
|
||||||
length = offset + get_bits(&s->gb, extra_bits) + 1;
|
length = offset + get_bits(&s->gb, extra_bits) + 1;
|
||||||
}
|
}
|
||||||
prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
|
prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
|
||||||
|
if (prefix_code > 39) {
|
||||||
|
av_log(s->avctx, AV_LOG_ERROR,
|
||||||
|
"distance prefix code too large: %d\n", prefix_code);
|
||||||
|
return AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
if (prefix_code < 4) {
|
if (prefix_code < 4) {
|
||||||
distance = prefix_code + 1;
|
distance = prefix_code + 1;
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in New Issue