mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
dfa: Put our pointer check back.
The reimplementation by Libav does not prevent out of array writes, even though it looks like it does at a quick glance. No FFmpeg releases are affected by this See:d1c95d2ce3
3623589edc
740ebe468c
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
d18341fb11
commit
e9e207ece7
@ -254,6 +254,9 @@ static int decode_wdlt(GetByteContext *gb, uint8_t *frame, int width, int height
|
||||
y += skip_lines;
|
||||
segments = bytestream2_get_le16(gb);
|
||||
}
|
||||
|
||||
if (frame_end <= frame)
|
||||
return AVERROR_INVALIDDATA;
|
||||
if (segments & 0x8000) {
|
||||
frame[width - 1] = segments & 0xFF;
|
||||
segments = bytestream2_get_le16(gb);
|
||||
|
Loading…
Reference in New Issue
Block a user