[FFmpeg-cvslog] proresdec: Check yuv slice data sizes.

Michael Niedermayer git at videolan.org
Thu Dec 22 00:34:17 CET 2011


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Dec 21 21:06:05 2011 +0100| [2b73cddd40bdfd7e3c21b2fe8cbfca0277d1f786] | committer: Michael Niedermayer

proresdec: Check yuv slice data sizes.
Fixes overread
Fixes Ticket812
Bug found by: Oana Stratulat

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2b73cddd40bdfd7e3c21b2fe8cbfca0277d1f786
---

 libavcodec/proresdec2.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libavcodec/proresdec2.c b/libavcodec/proresdec2.c
index 82848a4..18decae 100644
--- a/libavcodec/proresdec2.c
+++ b/libavcodec/proresdec2.c
@@ -443,7 +443,8 @@ static int decode_slice_thread(AVCodecContext *avctx, void *arg, int jobnr, int
     v_data_size = slice->data_size - y_data_size - u_data_size - hdr_size;
     if (hdr_size > 7) v_data_size = AV_RB16(buf + 6);
 
-    if (y_data_size < 0 || u_data_size < 0 || v_data_size < 0) {
+    if (y_data_size < 0 || u_data_size < 0 || v_data_size < 0
+        || hdr_size+y_data_size+u_data_size+v_data_size > slice->data_size){
         av_log(avctx, AV_LOG_ERROR, "invalid plane data size\n");
         return -1;
     }
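Review bot: the `AV_RB16(buf + 6)` read on the context line just above the condition still runs before anything in this hunk compares `hdr_size` with `slice->data_size`, so the new sum check only rejects the slice after that read has happened. If no earlier code outside this hunk guarantees `hdr_size <= slice->data_size`, add that comparison before the `hdr_size > 7` branch. Two smaller points on the added line: the expression would read better with spaces around `+` and before `{`, and `return AVERROR_INVALIDDATA;` would tell callers more than `return -1;`.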


