Mercurial > libavformat.hg

changeset 2809:17086a526938 libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Check sanity in the palette loading operation. The addresses a potential security risk in the MOV/MP4 demuxer.
author melanson
date Wed, 05 Dec 2007 04:30:33 +0000
parents a8b9018a4ffb
children e106e4b43718
files mov.c
diffstat 1 files changed, 7 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/mov.c	Tue Dec 04 23:43:01 2007 +0000
+++ b/mov.c	Wed Dec 05 04:30:33 2007 +0000
@@ -572,10 +572,10 @@
     uint8_t codec_name[32];
 
     /* for palette traversal */
-    int color_depth;
-    int color_start;
-    int color_count;
-    int color_end;
+    unsigned int color_depth;
+    unsigned int color_start;
+    unsigned int color_count;
+    unsigned int color_end;
     int color_index;
     int color_dec;
     int color_greyscale;
@@ -701,6 +701,8 @@
                     color_start = get_be32(pb);
                     color_count = get_be16(pb);
                     color_end = get_be16(pb);
+                    if ((color_start <= 255) &&
+                        (color_end <= 255)) {
                     for (j = color_start; j <= color_end; j++) {
                         /* each R, G, or B component is 16 bits;
                          * only use the top 8 bits; skip alpha bytes
@@ -715,6 +717,7 @@
                         get_byte(pb);
                         c->palette_control.palette[j] =
                             (r << 16) | (g << 8) | (b);
+                        }
                     }
                 }