]> git.sesse.net Git - ffmpeg/blobdiff - libavcodec/msmpeg4dec.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
avcodec/adpcm: Fix integer overflow in ADPCM THP
[ffmpeg] / libavcodec / msmpeg4dec.c
diff --git a/libavcodec/msmpeg4dec.c b/libavcodec/msmpeg4dec.c
index 457a37e745806926bd0da65ddc2680d744046cfa..16b67192b51ee77bde9589e75a5cb88b35ae37c4 100644 (file)
--- a/libavcodec/msmpeg4dec.c
+++ b/libavcodec/msmpeg4dec.c
@@ -412,6 +412,14 @@ int ff_msmpeg4_decode_picture_header(MpegEncContext * s)
 {
     int code;
 
+    // at minimum one bit per macroblock is required at least in a valid frame,
+    // we discard frames much smaller than this. Frames smaller than 1/8 of the
+    // smallest "black/skip" frame generally contain not much recoverable content
+    // while at the same time they have the highest computational requirements
+    // per byte
+    if (get_bits_left(&s->gb) * 8LL < (s->width+15)/16 * ((s->height+15)/16))
+        return AVERROR_INVALIDDATA;
+
     if(s->msmpeg4_version==1){
         int start_code = get_bits_long(&s->gb, 32);
         if(start_code!=0x00000100){
Unnamed repository; edit this file 'description' to name the repository.