avcodec/webp: Fix signedness in prefix_code check
authorMichael Niedermayer <michael@niedermayer.cc>
Sat, 13 May 2017 21:21:24 +0000 (23:21 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Sat, 13 May 2017 21:22:22 +0000 (23:22 +0200)
Fixes: out of array read
Fixes: 1557/clusterfuzz-testcase-minimized-6535013757616128

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/webp.c

index 8281cc4..50a8da1 100644 (file)
@@ -694,7 +694,7 @@ static int decode_entropy_coded_image(WebPContext *s, enum ImageRole role,
                 length = offset + get_bits(&s->gb, extra_bits) + 1;
             }
             prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
                 length = offset + get_bits(&s->gb, extra_bits) + 1;
             }
             prefix_code = huff_reader_get_symbol(&hg[HUFF_IDX_DIST], &s->gb);
-            if (prefix_code > 39) {
+            if (prefix_code > 39U) {
                 av_log(s->avctx, AV_LOG_ERROR,
                        "distance prefix code too large: %d\n", prefix_code);
                 return AVERROR_INVALIDDATA;
                 av_log(s->avctx, AV_LOG_ERROR,
                        "distance prefix code too large: %d\n", prefix_code);
                 return AVERROR_INVALIDDATA;