[FFmpeg-cvslog] flicvideo: fix overread.
Michael Niedermayer
git at videolan.org
Thu Dec 15 04:49:02 CET 2011
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 15 04:24:38 2011 +0100| [afb2bac48d0d044718c2da3d34a97bee244be2e3] | committer: Michael Niedermayer
flicvideo: fix overread.
Bug Found by: Diana Elena Muscalu
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=afb2bac48d0d044718c2da3d34a97bee244be2e3
---
libavcodec/flicvideo.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index 9111d17..28009cd 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -319,12 +319,14 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
pixel_ptr = y_ptr;
CHECK_PIXEL_PTR(0);
pixel_countdown = s->avctx->width;
- line_packets = buf[stream_ptr++];
- if (stream_ptr + 2 * line_packets > stream_ptr_after_chunk)
+ if (stream_ptr + 1 > stream_ptr_after_chunk)
break;
+ line_packets = buf[stream_ptr++];
if (line_packets > 0) {
for (i = 0; i < line_packets; i++) {
/* account for the skip bytes */
+ if (stream_ptr + 2 > stream_ptr_after_chunk)
+ break;
pixel_skip = buf[stream_ptr++];
pixel_ptr += pixel_skip;
pixel_countdown -= pixel_skip;
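Review bot: The per-packet check "if (stream_ptr + 2 > stream_ptr_after_chunk)" bounds only the two bytes at the head of each packet, starting with the pixel_skip read on the following line. Any pixel data that is read after that header needs its own bound against stream_ptr_after_chunk, and no such check is visible in this hunk. The "break" there also leaves only the "for (i = 0; i < line_packets; i++)" loop, so decoding carries on with the enclosing per-line code on truncated input. If a short chunk should stop the frame, return an error or set a flag that the outer loop tests. Both new checks compare against stream_ptr_after_chunk, so they are only as strong as the validation of that value against the real buffer size, which happens outside these lines and is worth confirming. A short comment on the first check saying that it guards the line_packets byte would make the reordering easier to follow.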