Mercurial > libavcodec.hg
comparison h263.c @ 4930:655d25351bfc libavcodec
fix possibly exploitable stack overflow with num_sprite_warping_points (found by reimar)
| author | michael |
|---|---|
| date | Sun, 06 May 2007 15:25:04 +0000 |
| parents | 41fdd1901c18 |
| children | 7df30f671791 |
comparison
equal
deleted
inserted
replaced
| 4929:67975429cb40 | 4930:655d25351bfc |
|---|---|
| 5663 skip_bits1(gb); /* marker */ | 5663 skip_bits1(gb); /* marker */ |
| 5664 s->sprite_top = get_bits(gb, 13); | 5664 s->sprite_top = get_bits(gb, 13); |
| 5665 skip_bits1(gb); /* marker */ | 5665 skip_bits1(gb); /* marker */ |
| 5666 } | 5666 } |
| 5667 s->num_sprite_warping_points= get_bits(gb, 6); | 5667 s->num_sprite_warping_points= get_bits(gb, 6); |
| 5668 if(s->num_sprite_warping_points > 3){ | |
| 5669 av_log(s->avctx, AV_LOG_ERROR, "%d sprite_warping_points\n", s->num_sprite_warping_points); | |
| 5670 s->num_sprite_warping_points= 0; | |
| 5671 return -1; | |
| 5672 } | |
| 5668 s->sprite_warping_accuracy = get_bits(gb, 2); | 5673 s->sprite_warping_accuracy = get_bits(gb, 2); |
| 5669 s->sprite_brightness_change= get_bits1(gb); | 5674 s->sprite_brightness_change= get_bits1(gb); |
| 5670 if(s->vol_sprite_usage==STATIC_SPRITE) | 5675 if(s->vol_sprite_usage==STATIC_SPRITE) |
| 5671 s->low_latency_sprite= get_bits1(gb); | 5676 s->low_latency_sprite= get_bits1(gb); |
| 5672 } | 5677 } |