MrBesen/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

sanm: Check decoded_size.

Browse Source 
This prevents a buffer overflow in rle_decode()

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-01-24 00:27:10 +01:00
parent 31cd1e20bb
commit 7357ca900e
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libavcodec/sanm.c
View File

@ -639,6 +639,11 @@ static int old_codec47(SANMVideoContext *ctx, int top,
decoded_size = bytestream2_get_le32(&ctx->gb);
bytestream2_skip(&ctx->gb, 8);
if (decoded_size > height * stride - left - top * stride) {
decoded_size = height * stride - left - top * stride;
av_log(ctx->avctx, AV_LOG_WARNING, "decoded size is too large\n");
}
if (skip & 1)
bytestream2_skip(&ctx->gb, 0x8080);
if (!seq) {