mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
indeo3: fix data size check
The data offsets are relative to the bistream header, which is 16 bytes after the start of the data. Fixes invalid reads with corrupted files. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC:libav-stable@libav.org
This commit is contained in:
parent
66531d634e
commit
34e6af9e20
@ -893,8 +893,7 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
|
||||
|
||||
if (ctx->data_size == 16)
|
||||
return 4;
|
||||
if (ctx->data_size > buf_size)
|
||||
ctx->data_size = buf_size;
|
||||
ctx->data_size = FFMIN(ctx->data_size, buf_size - 16);
|
||||
|
||||
bytestream2_skip(&gb, 3); // skip reserved byte and checksum
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user