virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

proresdec: Check yuv slice data sizes.

Browse Source 
Fixes overread
Fixes Ticket812
Bug found by: Oana Stratulat

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2011-12-21 21:06:05 +01:00
parent 7028c9f421
commit 2b73cddd40
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/proresdec2.c
View File

@ -443,7 +443,8 @@ static int decode_slice_thread(AVCodecContext *avctx, void *arg, int jobnr, int
v_data_size = slice->data_size - y_data_size - u_data_size - hdr_size;
if (hdr_size > 7) v_data_size = AV_RB16(buf + 6);
if (y_data_size < 0 || u_data_size < 0 || v_data_size < 0) {
if (y_data_size < 0 || u_data_size < 0 || v_data_size < 0
|| hdr_size+y_data_size+u_data_size+v_data_size > slice->data_size){
av_log(avctx, AV_LOG_ERROR, "invalid plane data size\n");
return -1;
}