virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Code Issues Releases Activity

indeo3: fix data size check

Browse Source 
The data offsets are relative to the bistream header, which is 16 bytes
after the start of the data.
Fixes invalid reads with corrupted files.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
This commit is contained in:
Anton Khirnov 2013-04-10 09:59:36 +02:00
parent 66531d634e
commit 34e6af9e20
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/indeo3.c
View File

@ -893,8 +893,7 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
if (ctx->data_size == 16)
return 4;
if (ctx->data_size > buf_size)
ctx->data_size = buf_size;
ctx->data_size = FFMIN(ctx->data_size, buf_size - 16);
bytestream2_skip(&gb, 3); // skip reserved byte and checksum