diff options
| author | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2015-12-29 18:32:01 +0100 |
|---|---|---|
| committer | Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> | 2016-01-02 12:00:39 +0100 |
| commit | c112be25f7825d14b1c39ccbf325b85883f852c2 (patch) | |
| tree | ea3489cf7fe076ed063cd7b3153facd99a2f4fd1 /libavformat/oggparsedaala.c | |
| parent | 69ead86027d04e8f1dacd7b63eb936f62a8e0c6a (diff) | |
| download | ffmpeg-streaming-c112be25f7825d14b1c39ccbf325b85883f852c2.zip ffmpeg-streaming-c112be25f7825d14b1c39ccbf325b85883f852c2.tar.gz | |
oggparsedaala: reject too large gpshift
Also use a unsigned constant for the shift calculation, as 1 << 31 is
undefined for int32_t. This is also fixed oggparsetheora.
This fixes ubsan runtime error: shift exponent is too large for
32-bit type 'int'
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Diffstat (limited to 'libavformat/oggparsedaala.c')
| -rw-r--r-- | libavformat/oggparsedaala.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libavformat/oggparsedaala.c b/libavformat/oggparsedaala.c index 24567f9..3651ca1 100644 --- a/libavformat/oggparsedaala.c +++ b/libavformat/oggparsedaala.c @@ -123,7 +123,12 @@ static int daala_header(AVFormatContext *s, int idx) hdr->frame_duration = bytestream2_get_ne32(&gb); hdr->gpshift = bytestream2_get_byte(&gb); - hdr->gpmask = (1 << hdr->gpshift) - 1; + if (hdr->gpshift >= 32) { + av_log(s, AV_LOG_ERROR, "Too large gpshift %d (>= 32).\n", + hdr->gpshift); + return AVERROR_INVALIDDATA; + } + hdr->gpmask = (1U << hdr->gpshift) - 1; hdr->format.depth = 8 + 2*(bytestream2_get_byte(&gb)-1); |
