virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

avcodec/smc: Check side data size before use

Browse Source 
Fixes out of array read

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2016-10-30 15:12:12 +01:00
parent 979bca5134
commit 140f48b90f
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/smc.c
View File

@@ -431,7 +431,8 @@ static int smc_decode_frame(AVCodecContext *avctx,
const uint8_t *buf = avpkt->data; const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size; int buf_size = avpkt->size;
SmcContext *s = avctx->priv_data; SmcContext *s = avctx->priv_data;
const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, NULL); int pal_size;
const uint8_t *pal = av_packet_get_side_data(avpkt, AV_PKT_DATA_PALETTE, &pal_size);
int ret; int ret;
bytestream2_init(&s->gb, buf, buf_size); bytestream2_init(&s->gb, buf, buf_size);
@@ -439,9 +440,11 @@ static int smc_decode_frame(AVCodecContext *avctx,
if ((ret = ff_reget_buffer(avctx, s->frame)) < 0) if ((ret = ff_reget_buffer(avctx, s->frame)) < 0)
return ret; return ret;
if (pal) { if (pal && pal_size == AVPALETTE_SIZE) {
s->frame->palette_has_changed = 1; s->frame->palette_has_changed = 1;
memcpy(s->pal, pal, AVPALETTE_SIZE); memcpy(s->pal, pal, AVPALETTE_SIZE);
} else if (pal) {
av_log(avctx, AV_LOG_ERROR, "Palette size %d is wrong\n", pal_size);
} }
smc_decode_stream(s); smc_decode_stream(s);