virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

dfa: Put our pointer check back.

Browse Source 
The reimplementation by Libav does not prevent out of array
writes, even though it looks like it does at a quick glance.

No FFmpeg releases are affected by this

See: d1c95d2ce3
     3623589edc
     740ebe468c

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-05-04 14:37:22 +02:00
parent d18341fb11
commit e9e207ece7
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libavcodec/dfa.c
View File

@ -254,6 +254,9 @@ static int decode_wdlt(GetByteContext *gb, uint8_t *frame, int width, int height
y += skip_lines; y += skip_lines;
segments = bytestream2_get_le16(gb); segments = bytestream2_get_le16(gb);
} }
if (frame_end <= frame)
return AVERROR_INVALIDDATA;
if (segments & 0x8000) { if (segments & 0x8000) {
frame[width - 1] = segments & 0xFF; frame[width - 1] = segments & 0xFF;
segments = bytestream2_get_le16(gb); segments = bytestream2_get_le16(gb);