virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-04 22:03:09 +02:00
Code Issues Releases Activity

avcodec/sanm: Check decoded_size for old_codec48

Browse Source 
Fixes: writing over the end of the array
Fixes: BIGSLEEP-434637586/payload

Regression since: b22ce90d42

Found-by: Google Big Sleep
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2025-07-28 20:45:59 +02:00
parent 5f24c50890
commit 3ccd7d8c8e
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/sanm.c
View File

@ -1601,6 +1601,11 @@ static int old_codec48(SANMVideoContext *ctx, int width, int height)
} }
break; break;
case 2: case 2:
if (decoded_size > ctx->buf_size) {
av_log(ctx->avctx, AV_LOG_ERROR, "Decoded size %u is too large.\n", decoded_size);
return AVERROR_INVALIDDATA;
}
if (rle_decode(ctx, &ctx->gb, dst, decoded_size)) if (rle_decode(ctx, &ctx->gb, dst, decoded_size))
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;
break; break;