]> git.sesse.net Git - ffmpeg/commit
projects / ffmpeg / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c2176d) | patch
speedhq: fix out-of-bounds write
authorSteinar H. Gunderson <steinar+ffmpeg@gunderson.no>
Wed, 1 Feb 2017 16:19:18 +0000 (17:19 +0100)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Thu, 2 Feb 2017 00:12:07 +0000 (01:12 +0100)
commit08b098169be079c4f124a351fda6764fbcd10e79
treed990582c4339f2bc1c3892c8f0710e3be139a395tree | snapshot
parent4c2176d45be1a7fbbcdf1f3d01b1ba2bab6f8d0fcommit | diff
speedhq: fix out-of-bounds write

Certain alpha run lengths (for SHQ1/SHQ3/SHQ5) could be stored in
both long and short versions, and we would only accept the short version,
returning -1 (invalid code) for the others. This could cause an
out-of-bounds write on malicious input, as discovered by
Andreas Cadhalpun during fuzzing.

Fix by simply allowing both versions, leaving no invalid codes
in the alpha VLC.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
libavcodec/speedhq.c diff | blob | history
libavcodec/vlc.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.