mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
rv10: improve buffer size check.
Check slice count and input buffer size before constructing a possibly invalid pointer, not after.
This commit is contained in:
parent
c5fcdb4402
commit
605b047bcc
@ -659,11 +659,15 @@ static int rv10_decode_frame(AVCodecContext *avctx,
|
||||
if(!avctx->slice_count){
|
||||
slice_count = (*buf++) + 1;
|
||||
buf_size--;
|
||||
|
||||
if (!slice_count || buf_size <= 8 * slice_count) {
|
||||
av_log(avctx, AV_LOG_ERROR, "Invalid slice count: %d.\n", slice_count);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
|
||||
slices_hdr = buf + 4;
|
||||
buf += 8 * slice_count;
|
||||
buf_size -= 8 * slice_count;
|
||||
if (buf_size <= 0)
|
||||
return AVERROR_INVALIDDATA;
|
||||
}else
|
||||
slice_count = avctx->slice_count;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user