virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

Fix potential pointer arithmetic overflows in rle_unpack() of vmd video decoder.

Browse Source 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Laurent Aimar
2011-09-25 00:08:51 +02:00
committed by Michael Niedermayer
parent 4749e07498
commit 35cb6854bb
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/vmdav.c
View File

@@ -179,13 +179,13 @@ static int rle_unpack(const unsigned char *src, int src_len, int src_count,
l = *ps++; l = *ps++;
if (l & 0x80) { if (l & 0x80) {
l = (l & 0x7F) * 2; l = (l & 0x7F) * 2;
if (pd + l > dest_end || ps_end - ps < l) if (dest_end - pd < l || ps_end - ps < l)
return ps - src; return ps - src;
memcpy(pd, ps, l); memcpy(pd, ps, l);
ps += l; ps += l;
pd += l; pd += l;
} else { } else {
if (pd + i > dest_end || ps_end - ps < 2) if (dest_end - pd < i || ps_end - ps < 2)
return ps - src; return ps - src;
for (i = 0; i < l; i++) { for (i = 0; i < l; i++) {
*pd++ = ps[0]; *pd++ = ps[0];