virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

8bps: check index against buffer size before reading line length pointer.

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-11-14 03:33:06 +01:00
parent 7acee6654c
commit 66ff90f4a3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/8bps.c
View File

@ -98,6 +98,8 @@ static int decode_frame(AVCodecContext *avctx, void *data,
for (row = 0; row < height; row++) { for (row = 0; row < height; row++) {
pixptr = c->pic.data[0] + row * c->pic.linesize[0] + planemap[p]; pixptr = c->pic.data[0] + row * c->pic.linesize[0] + planemap[p];
pixptr_end = pixptr + c->pic.linesize[0]; pixptr_end = pixptr + c->pic.linesize[0];
if(lp - encoded + row*2 + 1 >= buf_size)
return -1;
dlen = av_be2ne16(*(const unsigned short *)(lp + row * 2)); dlen = av_be2ne16(*(const unsigned short *)(lp + row * 2));
/* Decode a row of this plane */ /* Decode a row of this plane */
while (dlen > 0) { while (dlen > 0) {