[FFmpeg-cvslog] r16802 - trunk/libavcodec/indeo3.c
benoit
subversion
Mon Jan 26 10:41:24 CET 2009
Author: benoit
Date: Mon Jan 26 10:41:23 2009
New Revision: 16802
Log:
Fix an exploitable bug in indeo by checking that we are not writing outside the strip array.
Fixes issue 655
Modified:
trunk/libavcodec/indeo3.c
Modified: trunk/libavcodec/indeo3.c
==============================================================================
--- trunk/libavcodec/indeo3.c Mon Jan 26 10:24:52 2009 (r16801)
+++ trunk/libavcodec/indeo3.c Mon Jan 26 10:41:23 2009 (r16802)
@@ -252,6 +252,10 @@ static void iv_Decode_Chunk(Indeo3Decode
if(cmd == 0) {
strip++;
+ if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+ av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+ break;
+ }
memcpy(strip, strip-1, sizeof(*strip));
strip->split_flag = 1;
strip->split_direction = 0;
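Review bot: When this guard fires, `strip` has already been advanced and is left pointing one element past `strip_tbl`, and the `break` only leaves the innermost enclosing loop or switch, which starts outside this hunk. If any code reached after that `break` still dereferences `strip`, the out-of-bounds access is only moved, not removed. Testing before the increment keeps the pointer inside the array, e.g. `if(strip + 1 >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) { ... break; }` followed by `strip++;`. Since iv_Decode_Chunk is `static void`, the caller also cannot tell that the chunk was abandoned; logging at `AV_LOG_ERROR` instead of `AV_LOG_WARNING` would at least make the malformed input visible. The same applies to the cmd == 1 branch in the second hunk.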
@@ -259,6 +263,10 @@ static void iv_Decode_Chunk(Indeo3Decode
continue;
} else if(cmd == 1) {
strip++;
+ if(strip >= strip_tbl + FF_ARRAY_ELEMS(strip_tbl)) {
+ av_log(s->avctx, AV_LOG_WARNING, "out of range strip\n");
+ break;
+ }
memcpy(strip, strip-1, sizeof(*strip));
strip->split_flag = 1;
strip->split_direction = 1;
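Review bot: These four lines are a verbatim copy of the guard added in the cmd == 0 branch, so the bounds check now lives in two places, and a later branch that also advances `strip` could easily be added without it. A small static helper or macro shared by both branches would keep the limit in one place. A one-line comment above it, such as `/* strip_tbl is fixed-size: refuse to advance past its last element */`, would record why the check exists. The loop these branches sit in begins and ends outside the hunk.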