virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-11-26 19:01:44 +02:00
Code Issues Releases Activity

dxa: check vectors of 4x4 motion blocks

Browse Source 
Fixes out of array reads

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-05-07 20:18:41 +02:00
parent 89d998f1c1
commit f96e0eb238
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/dxa.c
View File

@ -71,6 +71,11 @@ static int decode_13(AVCodecContext *avctx, DxaDecContext *c, uint8_t* dst,
case 4: // motion compensation
x = (*mv) >> 4; if(x & 8) x = 8 - x;
y = (*mv++) & 0xF; if(y & 8) y = 8 - y;
if (i < -x || avctx->width - i - 4 < x ||
j < -y || avctx->height - j - 4 < y) {
av_log(avctx, AV_LOG_ERROR, "MV %d %d out of bounds\n", x,y);
return AVERROR_INVALIDDATA;
}
tmp2 += x + y*stride;
case 0: // skip
case 5: // skip in method 12