1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

indeo3: fix data size check

The data offsets are relative to the bistream header, which is 16 bytes
after the start of the data.
Fixes invalid reads with corrupted files.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC:libav-stable@libav.org
This commit is contained in:
Anton Khirnov 2013-04-10 09:59:36 +02:00
parent 66531d634e
commit 34e6af9e20

View File

@ -893,8 +893,7 @@ static int decode_frame_headers(Indeo3DecodeContext *ctx, AVCodecContext *avctx,
if (ctx->data_size == 16)
return 4;
if (ctx->data_size > buf_size)
ctx->data_size = buf_size;
ctx->data_size = FFMIN(ctx->data_size, buf_size - 16);
bytestream2_skip(&gb, 3); // skip reserved byte and checksum