ffv1: fix crash caused by version becoming inconsistent
authorMichael Niedermayer <michaelni@gmx.at>
Sat, 2 Jun 2012 00:21:30 +0000 (02:21 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Wed, 6 Jun 2012 22:55:25 +0000 (00:55 +0200)
Fixes part of Ticket1372

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 97c281d5b7d1c4850a8ba7d9921137634224b2f3)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/ffv1.c

index bffd744..79409e2 100644 (file)
@@ -1769,7 +1769,12 @@ static int read_header(FFV1Context *f){
     memset(state, 128, sizeof(state));
 
     if(f->version < 2){
-        f->version= get_symbol(c, state, 0);
+        unsigned v= get_symbol(c, state, 0);
+        if(v >= 2){
+            av_log(f->avctx, AV_LOG_ERROR, "invalid version %d in ver01 header\n", v);
+            return AVERROR_INVALIDDATA;
+        }
+        f->version = v;
         f->ac= f->avctx->coder_type= get_symbol(c, state, 0);
         if(f->ac>1){
             for(i=1; i<256; i++){
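Review bot: The new error message prints `v` with `%d` although `v` is declared `unsigned`, so the specifier does not match the argument; `av_log(f->avctx, AV_LOG_ERROR, "invalid version %u in ver01 header\n", v);` would log the rejected value as it was compared. If get_symbol() returns a signed int, the unsigned temporary is also what lets `v >= 2` reject negative symbols, which is worth a short comment such as `/* unsigned so that negative symbols wrap and are rejected as well */`. The following line still assigns get_symbol() straight into `f->ac` and `f->avctx->coder_type` from the same bitstream-controlled header with no range check visible here. Whether later code bounds that value cannot be judged from this hunk, because read_header starts and continues outside it.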