virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

lagarith: check count before writing zeros.

Browse Source 
Fixes CVE-2012-2793

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Michael Niedermayer
2012-04-14 18:28:31 +02:00
committed by Anton Khirnov
parent 99f392a584
commit b631e4ed64
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/lagarith.c
View File

@@ -361,6 +361,11 @@ static int lag_decode_zero_run_line(LagarithContext *l, uint8_t *dst,
output_zeros: output_zeros:
if (l->zeros_rem) { if (l->zeros_rem) {
count = FFMIN(l->zeros_rem, width - i); count = FFMIN(l->zeros_rem, width - i);
if (end - dst < count) {
av_log(l->avctx, AV_LOG_ERROR, "Too many zeros remaining.\n");
return AVERROR_INVALIDDATA;
}
memset(dst, 0, count); memset(dst, 0, count);
l->zeros_rem -= count; l->zeros_rem -= count;
dst += count; dst += count;