[FFmpeg-cvslog] vb: Add some checks on input buffer related values.
Michael Niedermayer
git at videolan.org
Fri Dec 9 23:53:55 CET 2011
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Dec 9 23:46:16 2011 +0100| [5b98ea1b7309fd43694b92e990439636630f408a] | committer: Michael Niedermayer
vb: Add some checks on input buffer related values.
Fixes crash with INTRO_FAIL.VB
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5b98ea1b7309fd43694b92e990439636630f408a
---
libavcodec/vb.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/vb.c b/libavcodec/vb.c
index d66c47b..26967db 100644
--- a/libavcodec/vb.c
+++ b/libavcodec/vb.c
@@ -221,10 +221,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
offset = i + j * avctx->width;
rest -= 4;
}
+ if(rest < 0){
+ av_log(avctx, AV_LOG_ERROR, "not enough data\n");
+ return -1;
+ }
if(flags & VB_HAS_VIDEO){
size = bytestream_get_le32(&c->stream);
- if(size > rest){
- av_log(avctx, AV_LOG_ERROR, "Frame size is too big\n");
+ if(size > rest || size<4){
+ av_log(avctx, AV_LOG_ERROR, "Frame size invalid\n");
return -1;
}
vb_decode_framedata(c, c->stream, size, offset);
More information about the ffmpeg-cvslog
mailing list