virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

pgssubdec: check RLE size before copying. Fix out of array accesses

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-11-15 16:41:28 +01:00
parent bc08ca841e
commit c0d68be555
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/pgssubdec.c
View File

@ -222,6 +222,11 @@ static int parse_picture_segment(AVCodecContext *avctx,
return -1;
}
if (buf_size > rle_bitmap_len) {
av_log(avctx, AV_LOG_ERROR, "too much RLE data\n");
return AVERROR_INVALIDDATA;
}
ctx->pictures[picture_id].w = width;
ctx->pictures[picture_id].h = height;