Prevent block size from inreasing in the shorten decoder.
authorLaurent Aimar <fenrir@elivagar.org>
Fri, 30 Sep 2011 22:43:05 +0000 (00:43 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Sun, 2 Oct 2011 03:48:13 +0000 (05:48 +0200)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit b399cbfba5d901608c18e1a2d48a24c30541a634)

libavcodec/shorten.c

index 5e599fd..4c1abe8 100644 (file)
@@ -483,9 +483,15 @@ static int shorten_decode_frame(AVCodecContext *avctx,
             case FN_BITSHIFT:
                 s->bitshift = get_ur_golomb_shorten(&s->gb, BITSHIFTSIZE);
                 break;
-            case FN_BLOCKSIZE:
-                s->blocksize = get_uint(s, av_log2(s->blocksize));
+            case FN_BLOCKSIZE: {
+                int blocksize = get_uint(s, av_log2(s->blocksize));
+                if (blocksize > s->blocksize) {
+                    av_log(avctx, AV_LOG_ERROR, "Increasing block size is not supported\n");
+                    return AVERROR_PATCHWELCOME;
+                }
+                s->blocksize = blocksize;
                 break;
+            }
             case FN_QUIT:
                 *data_size = 0;
                 return buf_size;