---
libavcodec/shorten.c | 17 +++++++++++++++--
1 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 2502587..3f06e57 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -330,8 +330,16 @@ static int read_header(ShortenContext *s)
/* get blocksize if version > 0 */
if (s->version > 0) {
- int skip_bytes;
- s->blocksize = get_uint(s, av_log2(DEFAULT_BLOCK_SIZE));
+ int skip_bytes, blocksize;
+
+ blocksize = get_uint(s, av_log2(DEFAULT_BLOCK_SIZE));
+ if (!blocksize || blocksize > MAX_BLOCKSIZE) {
+ av_log(s->avctx, AV_LOG_ERROR, "invalid or unsupported block size:
%d\n",
+ blocksize);
+ return AVERROR(EINVAL);
+ }
+ s->blocksize = blocksize;
+
maxnlpc = get_uint(s, LPCQSIZE);
s->nmean = get_uint(s, 0);
@@ -456,6 +464,11 @@ static int shorten_decode_frame(AVCodecContext *avctx,
av_log(avctx, AV_LOG_ERROR, "Increasing block size is
not supported\n");
return AVERROR_PATCHWELCOME;
}
+ if (!blocksize || blocksize > MAX_BLOCKSIZE) {
+ av_log(avctx, AV_LOG_ERROR, "invalid or unsupported "
+ "block size: %d\n", blocksize);
+ return AVERROR(EINVAL);
+ }
s->blocksize = blocksize;
break;
}
--
1.7.1
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
