[FFmpeg-cvslog] pictordec: prevent segfault when reading corrupted files
Peter Ross
git at videolan.org
Thu Dec 1 15:36:57 CET 2011
ffmpeg | branch: master | Peter Ross <pross at xvid.org> | Thu Dec 1 19:17:16 2011 +1100| [f3f488423a12af9bb4eed6e6868cfa86ece3571b] | committer: Michael Niedermayer
pictordec: prevent segfault when reading corrupted files
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f3f488423a12af9bb4eed6e6868cfa86ece3571b
---
libavcodec/pictordec.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/libavcodec/pictordec.c b/libavcodec/pictordec.c
index 09aae72..ca3e791 100644
--- a/libavcodec/pictordec.c
+++ b/libavcodec/pictordec.c
@@ -202,13 +202,13 @@ static int decode_frame(AVCodecContext *avctx,
y = s->height - 1;
plane = 0;
if (bytestream_get_le16(&buf)) {
- while (buf_end - buf >= 6) {
+ while (y >= 0 && buf_end - buf >= 6) {
const uint8_t *buf_pend = buf + FFMIN(AV_RL16(buf), buf_end - buf);
//ignore uncompressed block size reported at buf[2]
int marker = buf[4];
buf += 5;
- while (plane < s->nb_planes && buf_pend - buf >= 1) {
+ while (plane < s->nb_planes && y >= 0 && buf_pend - buf >= 1) {
int run = 1;
int val = *buf++;
if (val == marker) {
@@ -222,8 +222,6 @@ static int decode_frame(AVCodecContext *avctx,
if (bits_per_plane == 8) {
picmemset_8bpp(s, val, run, &x, &y);
- if (y < 0)
- break;
} else {
picmemset(s, val, run, &x, &y, &plane, bits_per_plane);
}
More information about the ffmpeg-cvslog
mailing list