This avoids crashes when initializing the range coder for the first slice context.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected] --- libavcodec/ffv1.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 378b55b..a31f278 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -194,6 +194,10 @@ av_cold int ffv1_init_slice_contexts(FFV1Context *f) int i; f->slice_count = f->num_h_slices * f->num_v_slices; + if (f->slice_count <= 0) { + av_log(f->avctx, AV_LOG_ERROR, "Invalid number of slices\n"); + return AVERROR(EINVAL); + } for (i = 0; i < f->slice_count; i++) { FFV1Context *fs = av_mallocz(sizeof(*fs)); -- 1.7.9.4 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
