1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

rv10: improve buffer size check.

Check slice count and input buffer size before constructing a possibly
invalid pointer, not after.
This commit is contained in:
Anton Khirnov 2013-02-03 08:42:02 +01:00
parent c5fcdb4402
commit 605b047bcc

View File

@ -659,11 +659,15 @@ static int rv10_decode_frame(AVCodecContext *avctx,
if(!avctx->slice_count){
slice_count = (*buf++) + 1;
buf_size--;
if (!slice_count || buf_size <= 8 * slice_count) {
av_log(avctx, AV_LOG_ERROR, "Invalid slice count: %d.\n", slice_count);
return AVERROR_INVALIDDATA;
}
slices_hdr = buf + 4;
buf += 8 * slice_count;
buf_size -= 8 * slice_count;
if (buf_size <= 0)
return AVERROR_INVALIDDATA;
}else
slice_count = avctx->slice_count;