virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

pictordec: break out of both decoding loops when y drops below 0

Browse Source 
Otherwise picmemset can get called with negative y, resulting in an
invalid write.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This commit is contained in:
Anton Khirnov
2013-08-24 21:30:46 +02:00
parent 8aba7968dd
commit 5f7aecde02
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/pictordec.c
View File

@@ -226,7 +226,7 @@ static int decode_frame(AVCodecContext *avctx,
if (bits_per_plane == 8) { if (bits_per_plane == 8) {
picmemset_8bpp(s, frame, val, run, &x, &y); picmemset_8bpp(s, frame, val, run, &x, &y);
if (y < 0) if (y < 0)
break; goto finish;
} else { } else {
picmemset(s, frame, val, run, &x, &y, &plane, bits_per_plane); picmemset(s, frame, val, run, &x, &y, &plane, bits_per_plane);
} }
@@ -236,6 +236,7 @@ static int decode_frame(AVCodecContext *avctx,
avpriv_request_sample(s, "Uncompressed image"); avpriv_request_sample(s, "Uncompressed image");
return avpkt->size; return avpkt->size;
} }
finish:
*got_frame = 1; *got_frame = 1;
return avpkt->size; return avpkt->size;