diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2014-04-27 06:03:32 +0200 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2014-04-27 13:03:28 +0200 |
| commit | e20ebe491c17388a312e04ff060c217ecfafc914 (patch) | |
| tree | ee612af1750127bb472e8aa4965993e2c708150a /libavcodec/shorten.c | |
| parent | b2cfd1fde7a2643be9978ec8da58c184a5d9a140 (diff) | |
| download | ffmpeg-e20ebe491c17388a312e04ff060c217ecfafc914.tar.gz | |
avcodec/shorten: check bitshift
Fixes invalid shift
Fixes CID1194400
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec/shorten.c')
| -rw-r--r-- | libavcodec/shorten.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 8b91ed3645..5c4bf816b9 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c @@ -505,9 +505,16 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data, while (len--) get_ur_golomb_shorten(&s->gb, VERBATIM_BYTE_SIZE); break; - case FN_BITSHIFT: - s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE); + case FN_BITSHIFT: { + unsigned bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE); + if (bitshift > 31) { + av_log(avctx, AV_LOG_ERROR, "bitshift %d is invalid\n", + bitshift); + return AVERROR_PATCHWELCOME; + } + s->bitshift = bitshift; break; + } case FN_BLOCKSIZE: { unsigned blocksize = get_uint(s, av_log2(s->blocksize)); if (blocksize > s->blocksize) { |