virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

Fix crash in MLP decoder due to integer overflow.

Browse Source 
Probably only DoS, init_get_bits sets buffer to NULL, thus causing a
NULL-dereference directly after.

Originally committed as revision 21426 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Reimar Döffinger
2010-01-24 18:07:29 +00:00
parent 8ba436171f
commit 0b882b4009
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/mlpdec.c
View File

@@ -959,7 +959,7 @@ static int read_access_unit(AVCodecContext *avctx, void* data, int *data_size,
length = (AV_RB16(buf) & 0xfff) * 2; length = (AV_RB16(buf) & 0xfff) * 2;
if (length > buf_size) if (length < 4 || length > buf_size)
return -1; return -1;
init_get_bits(&gb, (buf + 4), (length - 4) * 8); init_get_bits(&gb, (buf + 4), (length - 4) * 8);