virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Code Issues Releases Activity

flicvideo: fix crash on flic files with invalid frame size

Browse Source 
Add a check in flic_decode_frame_8BPP(), in case chunk_size is >
frame_size issue a warning and resize chunk_size to frame_size, in
order to avoid out-of-buffer reads.

Fix roundup issue #2520, trac issue #69.

Signed-off-by: Stefano Sabatini <stefano.sabatini-lala@poste.it>
This commit is contained in:
Stefano Sabatini 2011-04-23 00:08:28 +02:00
parent cd1872799d
commit efd6cbc5dd
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/flicvideo.c
View File

@ -181,6 +181,11 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
/* iterate through the chunks */
while ((frame_size > 0) && (num_chunks > 0)) {
chunk_size = AV_RL32(&buf[stream_ptr]);
if (chunk_size > frame_size) {
av_log(avctx, AV_LOG_WARNING,
"Invalid chunk_size = %u > frame_size = %u\n", chunk_size, frame_size);
chunk_size = frame_size;
}
stream_ptr += 4;
chunk_type = AV_RL16(&buf[stream_ptr]);
stream_ptr += 2;