From 436206c1756ce10a5f1cab45ac1d8a974c352e5a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sun, 5 Oct 2014 13:00:40 +0200
Subject: [PATCH] avcodec/webp: add assert to ensure palette is not larger than
 256

it should not be possible to be larger as its stored as 8bit value
but we would be overwriting a stack buffer if it is ...

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/webp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/webp.c b/libavcodec/webp.c
index 92becb6f1c..4b1c8e7f8b 100644
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -1065,6 +1065,7 @@ static int apply_color_indexing_transform(WebPContext *s)
     if (img->frame->height * img->frame->width > 300) {
         uint8_t palette[256 * 4];
         const int size = pal->frame->width * 4;
+        av_assert0(size <= 1024U);
         memcpy(palette, GET_PIXEL(pal->frame, 0, 0), size);   // copy palette
         // set extra entries to transparent black
         memset(palette + size, 0, 256 * 4 - size);