Prevents crashes with the fuzzed samples from bug 88 and 125 after
"golomb: avoid infinite loop on all-zero input".
---
libavcodec/rv34.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rv34.c b/libavcodec/rv34.c
index 3e55bd1..e62f30c 100644
--- a/libavcodec/rv34.c
+++ b/libavcodec/rv34.c
@@ -396,8 +396,8 @@ static int rv34_decode_inter_mb_header(RV34DecContext *r,
int8_t *intra_types)
int i, t;
r->block_type = r->decode_mb_info(r);
- if(r->block_type == -1)
- return -1;
+ if (r->block_type < 0 || r->block_type >= RV34_MB_TYPES)
+ return AVERROR_INVALIDDATA;
s->current_picture_ptr->f.mb_type[mb_pos] =
rv34_mb_type_to_lavc[r->block_type];
r->mb_type[mb_pos] = r->block_type;
if(r->block_type == RV34_MB_SKIP){
--
1.7.8.4
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
