mirror of https://git.ffmpeg.org/ffmpeg.git
avcodec/diracdec: Tighter checks on CODEBLOCKS_X/Y
Fixes very long but finite loop
Fixes: asan_heap-oob_107866c_42_041.drc
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 5145d22b88
)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
917946e1c9
commit
824f29e4fb
|
@ -1007,8 +1007,8 @@ static int dirac_unpack_idwt_params(DiracContext *s)
|
||||||
/* Codeblock parameters (core syntax only) */
|
/* Codeblock parameters (core syntax only) */
|
||||||
if (get_bits1(gb)) {
|
if (get_bits1(gb)) {
|
||||||
for (i = 0; i <= s->wavelet_depth; i++) {
|
for (i = 0; i <= s->wavelet_depth; i++) {
|
||||||
CHECKEDREAD(s->codeblock[i].width , tmp < 1, "codeblock width invalid\n")
|
CHECKEDREAD(s->codeblock[i].width , tmp < 1 || tmp > (s->avctx->width >>s->wavelet_depth-i), "codeblock width invalid\n")
|
||||||
CHECKEDREAD(s->codeblock[i].height, tmp < 1, "codeblock height invalid\n")
|
CHECKEDREAD(s->codeblock[i].height, tmp < 1 || tmp > (s->avctx->height>>s->wavelet_depth-i), "codeblock height invalid\n")
|
||||||
}
|
}
|
||||||
|
|
||||||
CHECKEDREAD(s->codeblock_mode, tmp > 1, "unknown codeblock mode\n")
|
CHECKEDREAD(s->codeblock_mode, tmp > 1, "unknown codeblock mode\n")
|
||||||
|
|
Loading…
Reference in New Issue