virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

avcodec/hnm4video: check writeoffset in decode_interframe_v4a()

Browse Source 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2013-11-22 23:48:58 +01:00
parent 5c4aa72b75
commit ffe31c654d
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libavcodec/hnm4video.c
View File

@@ -287,6 +287,10 @@ static void decode_interframe_v4a(AVCodecContext *avctx, uint8_t *src,
if (tag == 0) { if (tag == 0) {
writeoffset += bytestream2_get_byte(&gb); writeoffset += bytestream2_get_byte(&gb);
} else if (tag == 1) { } else if (tag == 1) {
if (writeoffset + hnm->width >= hnm->width * hnm->height) {
av_log(avctx, AV_LOG_ERROR, "writeoffset out of bounds\n");
break;
}
hnm->current[writeoffset] = bytestream2_get_byte(&gb); hnm->current[writeoffset] = bytestream2_get_byte(&gb);
hnm->current[writeoffset + hnm->width] = bytestream2_get_byte(&gb); hnm->current[writeoffset + hnm->width] = bytestream2_get_byte(&gb);
writeoffset++; writeoffset++;
@@ -295,6 +299,10 @@ static void decode_interframe_v4a(AVCodecContext *avctx, uint8_t *src,
} else if (tag == 3) { } else if (tag == 3) {
break; break;
} }
if (writeoffset > hnm->width * hnm->height) {
av_log(avctx, AV_LOG_ERROR, "writeoffset out of bounds\n");
break;
}
} else { } else {
delta = bytestream2_peek_byte(&gb) & 0x80; delta = bytestream2_peek_byte(&gb) & 0x80;
previous = bytestream2_peek_byte(&gb) & 0x40; previous = bytestream2_peek_byte(&gb) & 0x40;