rawdec: fix input overread.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
2024-11-26 19:01:44 +02:00 · 2012-03-02 22:04:00 +01:00 · 2012-03-02 22:04:00 +01:00 · 422e3a74b9
commit 422e3a74b9
parent e7b43e8e84
1 changed files with 2 additions and 2 deletions
--- a/libavcodec/rawdec.c
+++ b/libavcodec/rawdec.c
@ -161,13 +161,13 @@ static int raw_decode(AVCodecContext *avctx,
        uint8_t *dst = context->buffer;
        buf_size = context->length - 256*4;
        if (avctx->bits_per_coded_sample == 4){
-            for(i=0; 2*i+1 < buf_size; i++){
+            for(i=0; 2*i+1 < buf_size && i<avpkt->size; i++){
                dst[2*i+0]= buf[i]>>4;
                dst[2*i+1]= buf[i]&15;
            }
            linesize_align = 8;
        } else {
-            for(i=0; 4*i+3 < buf_size; i++){
+            for(i=0; 4*i+3 < buf_size && i<avpkt->size; i++){
                dst[4*i+0]= buf[i]>>6;
                dst[4*i+1]= buf[i]>>4&3;
                dst[4*i+2]= buf[i]>>2&3;