har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avutil/lzo: Fix integer overflow

Browse Source 
Embargoed-till: 2014-06-27 requested by researcher, but embargo broken by libav today (git and mailing list)

Fixes: LMS-2014-06-16-4
Found-by: "Don A. Bailey" <donb@securitymouse.com>
See: ccda51b14c0fcae2fad73a24872dce75a7964996
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2014-06-20 03:15:28 +02:00
parent b222e0773c
commit d6af26c55c
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavutil/lzo.c
View File

@ -65,8 +65,13 @@ static inline int get_len(LZOContext *c, int x, int mask)
{ {
int cnt = x & mask; int cnt = x & mask;
if (!cnt) { if (!cnt) {
while (!(x = get_byte(c))) while (!(x = get_byte(c))) {
if (cnt >= INT_MAX - 1000) {
c->error |= AV_LZO_ERROR;
break;
}
cnt += 255; cnt += 255;
}
cnt += mask + x; cnt += mask + x;
} }
return cnt; return cnt;