Home Explore Help
Sign In
SMusatov
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Files Wiki
Browse Source

vp3dec: Check coefficient index in vp3_dequant()
Fixes NGS00145

Found-by: Phillip Langlois
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit eef5c35b4352ec49ca41f6198bee8a976b1f81e5)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

Michael Niedermayer 13 years ago
parent
a6a61a6d1d
commit
fa5292d9d4
1 changed files with 4 additions and 0 deletions
Split View Show Diff Stats
  1. 4 0
      libavcodec/vp3.c

+ 4 - 0
libavcodec/vp3.c
View File 

@@ -1308,6 +1308,10 @@ static inline int vp3_dequant(Vp3DecodeContext *s, Vp3Fragment *frag,
 
         case 1: // zero run
 
             s->dct_tokens[plane][i]++;
 
             i += (token >> 2) & 0x7f;
 
+            if(i>63){
 
+                av_log(s->avctx, AV_LOG_ERROR, "Coefficient index overflow\n");
 
+                return -1;
 
+            }
 
             block[perm[i]] = (token >> 9) * dequantizer[perm[i]];
 
             i++;
 
             break;