virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Code Issues Releases Activity

dvdsubdec.c: prevent input buffer overflow

Browse Source 
In some places, dvbsubdec passes improper input buffer size to
bitstream reading functions, not accounting for reading pointer
updates.

Fixed by using buffer_end - buffer pointer instead of fixed buffer length.

Signed-off-by: Jindrich Makovicka <makovick@gmail.com>

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Jindrich Makovicka 2011-02-05 11:39:51 +01:00 committed by Michael Niedermayer
parent 6a495e986f
commit 52b2e95cd9
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/dvbsubdec.c
View File

@ -792,7 +792,7 @@ static void dvbsub_parse_pixel_data_block(AVCodecContext *avctx, DVBSubObjectDis
map_table = NULL;
x_pos += dvbsub_read_2bit_string(pbuf + (y_pos * region->width) + x_pos,
region->width - x_pos, &buf, buf_size,
region->width - x_pos, &buf, buf_end - buf,
non_mod, map_table);
break;
case 0x11:
@ -807,7 +807,7 @@ static void dvbsub_parse_pixel_data_block(AVCodecContext *avctx, DVBSubObjectDis
map_table = NULL;
x_pos += dvbsub_read_4bit_string(pbuf + (y_pos * region->width) + x_pos,
region->width - x_pos, &buf, buf_size,
region->width - x_pos, &buf, buf_end - buf,
non_mod, map_table);
break;
case 0x12:
@ -817,7 +817,7 @@ static void dvbsub_parse_pixel_data_block(AVCodecContext *avctx, DVBSubObjectDis
}
x_pos += dvbsub_read_8bit_string(pbuf + (y_pos * region->width) + x_pos,
region->width - x_pos, &buf, buf_size,
region->width - x_pos, &buf, buf_end - buf,
non_mod, NULL);
break;