virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

Fix offset validity checks.

Browse Source 
Offsets are relative to the end of the header, not the
start of the buffer, thus the buffer size needs to be subtracted.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
This commit is contained in:
Reimar Döffinger 2012-01-29 18:16:23 +01:00
parent cd3ced1bb9
commit f9eb622944
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/fraps.c
View File

@ -186,12 +186,12 @@ static int decode_frame(AVCodecContext *avctx,
}
for(i = 0; i < planes; i++) {
offs[i] = AV_RL32(buf + 4 + i * 4);
if(offs[i] >= buf_size || (i && offs[i] <= offs[i - 1] + 1024)) {
if(offs[i] >= buf_size - header_size || (i && offs[i] <= offs[i - 1] + 1024)) {
av_log(avctx, AV_LOG_ERROR, "Fraps: plane %i offset is out of bounds\n", i);
return -1;
}
}
offs[planes] = buf_size;
offs[planes] = buf_size - header_size;
for(i = 0; i < planes; i++) {
av_fast_padded_malloc(&s->tmpbuf, &s->tmpbuf_size, offs[i + 1] - offs[i] - 1024);
if (!s->tmpbuf)