virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-24 13:56:33 +02:00
Code Issues Releases Activity

truemotion2: check size before GetBitContext initialisation

Browse Source 
Prevents null ptr derefence for negative sizes.
This commit is contained in:
Janne Grunau 2012-01-05 21:28:03 +01:00
parent acb074301c
commit 696ace50ea
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/truemotion2.c
View File

@ -272,6 +272,8 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i
len = AV_RB32(buf); buf += 4; cur += 4;
}
if(len > 0) {
if (skip <= cur)
return -1;
init_get_bits(&ctx->gb, buf, (skip - cur) * 8);
if(tm2_read_deltas(ctx, stream_id) == -1)
return -1;
@ -286,6 +288,8 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i
buf += 4; cur += 4;
buf += 4; cur += 4; /* unused by decoder */
if (skip <= cur)
return -1;
init_get_bits(&ctx->gb, buf, (skip - cur) * 8);
if(tm2_build_huff_table(ctx, &codes) == -1)
return -1;
@ -303,6 +307,8 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i
ctx->tok_lens[stream_id] = toks;
len = AV_RB32(buf); buf += 4; cur += 4;
if(len > 0) {
if (skip <= cur)
return -1;
init_get_bits(&ctx->gb, buf, (skip - cur) * 8);
for(i = 0; i < toks; i++) {
if (get_bits_left(&ctx->gb) <= 0) {