Fixes: integer overflow
No testcase
Found-by: 김승호 <kimsh...@naver.com>
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
libavcodec/encode.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavcodec/encode.c b/libavcodec/encode.c
index 72dfa8867ab..6a7781336f2 100644
--- a/libavcodec/encode.c
+++ b/libavcodec/encode.c
@@ -197,6 +197,12 @@ int avcodec_encode_subtitle(AVCodecContext *avctx, uint8_t
*buf, int buf_size,
return -1;
}
+ for (int i = 0; i<sub->num_rects; i++)
+ if (sub->rects[i]->nb_colors > 256) {
+ av_log(avctx, AV_LOG_ERROR, "nb_colors %d in rect %d is too
large\n", sub->rects[i]->nb_colors, i);
+ return AVERROR_PATCHWELCOME;
+ }
+
ret = ffcodec(avctx->codec)->cb.encode_sub(avctx, buf, buf_size, sub);
avctx->frame_num++;
return ret;
--
2.49.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
