Fixes: integer overflow

No testcase

Found-by: 김승호 <kimsh...@naver.com>
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavcodec/encode.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/encode.c b/libavcodec/encode.c
index 72dfa8867ab..6a7781336f2 100644
--- a/libavcodec/encode.c
+++ b/libavcodec/encode.c
@@ -197,6 +197,12 @@ int avcodec_encode_subtitle(AVCodecContext *avctx, uint8_t 
*buf, int buf_size,
         return -1;
     }
 
+    for (int i = 0; i<sub->num_rects; i++)
+        if (sub->rects[i]->nb_colors > 256) {
+            av_log(avctx, AV_LOG_ERROR, "nb_colors %d in rect %d is too 
large\n", sub->rects[i]->nb_colors, i);
+            return AVERROR_PATCHWELCOME;
+        }
+
     ret = ffcodec(avctx->codec)->cb.encode_sub(avctx, buf, buf_size, sub);
     avctx->frame_num++;
     return ret;
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to