virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-21 10:55:51 +02:00
Code Issues Releases Activity

ivi_common: more MV Checks, fixes out of array reads

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-11-09 23:38:51 +01:00
parent c63e76ba35
commit a93c7ca6ef
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libavcodec/ivi_common.c
View File

@ -560,6 +560,22 @@ static int ivi_process_empty_tile(AVCodecContext *avctx, IVIBandDesc *band,
mb->mv_y = ref_mb->mv_y;
}
need_mc |= mb->mv_x || mb->mv_y; /* tracking non-zero motion vectors */
{
int dmv_x, dmv_y, cx, cy;
dmv_x = mb->mv_x >> band->is_halfpel;
dmv_y = mb->mv_y >> band->is_halfpel;
cx = mb->mv_x & band->is_halfpel;
cy = mb->mv_y & band->is_halfpel;
if ( mb->xpos + dmv_x < 0
|| mb->xpos + dmv_x + band->mb_size + cx > band->pitch
|| mb->ypos + dmv_y < 0
|| mb->ypos + dmv_y + band->mb_size + cy > band->aheight) {
av_log(avctx, AV_LOG_ERROR, "MV out of bounds\n");
return AVERROR_INVALIDDATA;
}
}
}
mb++;