[FFmpeg-cvslog] r15981 - trunk/libavcodec/rv34.c

Tue Dec 2 18:39:20 CET 2008

Author: kostya
Date: Tue Dec  2 18:39:20 2008
New Revision: 15981

Log:
Check RV30/40 slice offsets to be inside buffer.

This fixes issue 738


Modified:
   trunk/libavcodec/rv34.c

Modified: trunk/libavcodec/rv34.c
==============================================================================

--- trunk/libavcodec/rv34.c	(original)
+++ trunk/libavcodec/rv34.c	Tue Dec  2 18:39:20 2008
@@ -1389,6 +1389,11 @@ int ff_rv34_decode_frame(AVCodecContext 
         else
             size= get_slice_offset(avctx, slices_hdr, i+1) - offset;
 
+        if(offset > buf_size){
+            av_log(avctx, AV_LOG_ERROR, "Slice offset is greater than frame size\n");
+            break;
+        }
+
         r->si.end = s->mb_width * s->mb_height;
         if(i+1 < slice_count){
             init_get_bits(&s->gb, buf+get_slice_offset(avctx, slices_hdr, i+1), (buf_size-get_slice_offset(avctx, slices_hdr, i+1))*8);


