1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

smc: fix the bounds check

Fixes invalid writes when there are more blocks in a run than total
remaining blocks.

CC: libav-stable@libav.org
Bug-ID: CVE-2014-8548
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Michael Niedermayer 2014-10-03 22:50:45 +02:00 committed by Anton Khirnov
parent 0b39ac6f54
commit d423dd72be

View File

@ -70,7 +70,7 @@ typedef struct SmcContext {
row_ptr += stride * 4; \
} \
total_blocks--; \
if (total_blocks < 0) \
if (total_blocks < !!n_blocks) \
{ \
av_log(s->avctx, AV_LOG_INFO, "warning: block counter just went negative (this should not happen)\n"); \
return; \