mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
smc: fix the bounds check
Fixes invalid writes when there are more blocks in a run than total remaining blocks. CC: libav-stable@libav.org Bug-ID: CVE-2014-8548 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
parent
0b39ac6f54
commit
d423dd72be
@ -70,7 +70,7 @@ typedef struct SmcContext {
|
||||
row_ptr += stride * 4; \
|
||||
} \
|
||||
total_blocks--; \
|
||||
if (total_blocks < 0) \
|
||||
if (total_blocks < !!n_blocks) \
|
||||
{ \
|
||||
av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \
|
||||
return; \
|
||||
|
Loading…
Reference in New Issue
Block a user