virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-10 06:10:52 +02:00
Code Issues Releases Activity

avcodec/pngdec: Fix paeth prediction with small images

Browse Source 
Fixes out of array read
Fixes: asan_heap-oob_20b0a06_1962_cov_1907976991_delete_node_small.png
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2014-11-26 17:00:17 +01:00
parent 79ceaf827b
commit 9a53707e86
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libavcodec/pngdec.c
View File

@@ -267,8 +267,10 @@ static void png_filter_row(PNGDSPContext *dsp, uint8_t *dst, int filter_type,
/* would write off the end of the array if we let it process /* would write off the end of the array if we let it process
* the last pixel with bpp=3 */ * the last pixel with bpp=3 */
int w = bpp == 4 ? size : size - 3; int w = bpp == 4 ? size : size - 3;
dsp->add_paeth_prediction(dst + i, src + i, last + i, w - i, bpp); if (w > i) {
i = w; dsp->add_paeth_prediction(dst + i, src + i, last + i, w - i, bpp);
i = w;
}
} }
ff_add_png_paeth_prediction(dst + i, src + i, last + i, size - i, bpp); ff_add_png_paeth_prediction(dst + i, src + i, last + i, size - i, bpp);
break; break;