virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Code Issues Releases Activity

diracdec: prevent overflow in data_unit_size check

Browse Source 
buf_idx + data_unit_size can overflow, causing the '> buf_size' check to
wrongly fail.

This causes a segmentation fault.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Andreas Cadhalpun 2015-05-05 21:33:08 +02:00 committed by Michael Niedermayer
parent ed68fccf76
commit 984f50deb2
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/diracdec.c
View File

@ -1937,8 +1937,8 @@ static int dirac_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
break;
data_unit_size = AV_RB32(buf+buf_idx+5);
if (buf_idx + data_unit_size > buf_size || !data_unit_size) {
if(buf_idx + data_unit_size > buf_size)
if (data_unit_size > buf_size - buf_idx || !data_unit_size) {
if(data_unit_size > buf_size - buf_idx)
av_log(s->avctx, AV_LOG_ERROR,
"Data unit with size %d is larger than input buffer, discarding\n",
data_unit_size);