[FFmpeg-cvslog] dvdsubdec.c: prevent input buffer overflow
Jindrich Makovicka
git
Mon Feb 7 17:34:10 CET 2011
ffmpeg | branch: master | Jindrich Makovicka <makovick at gmail.com> | Sat Feb 5 11:39:51 2011 +0100| [52b2e95cd9f829b83b879a0694173d4ef1558c46] | committer: Michael Niedermayer
dvdsubdec.c: prevent input buffer overflow
In some places, dvbsubdec passes improper input buffer size to
bitstream reading functions, not accounting for reading pointer
updates.
Fixed by using buffer_end - buffer pointer instead of fixed buffer length.
Signed-off-by: Jindrich Makovicka <makovick at gmail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=52b2e95cd9f829b83b879a0694173d4ef1558c46
---
libavcodec/dvbsubdec.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/dvbsubdec.c b/libavcodec/dvbsubdec.c
index fe98798..8cc8d4f 100644
--- a/libavcodec/dvbsubdec.c
+++ b/libavcodec/dvbsubdec.c
@@ -792,7 +792,7 @@ static void dvbsub_parse_pixel_data_block(AVCodecContext *avctx, DVBSubObjectDis
map_table = NULL;
x_pos += dvbsub_read_2bit_string(pbuf + (y_pos * region->width) + x_pos,
- region->width - x_pos, &buf, buf_size,
+ region->width - x_pos, &buf, buf_end - buf,
non_mod, map_table);
break;
case 0x11:
@@ -807,7 +807,7 @@ static void dvbsub_parse_pixel_data_block(AVCodecContext *avctx, DVBSubObjectDis
map_table = NULL;
x_pos += dvbsub_read_4bit_string(pbuf + (y_pos * region->width) + x_pos,
- region->width - x_pos, &buf, buf_size,
+ region->width - x_pos, &buf, buf_end - buf,
non_mod, map_table);
break;
case 0x12:
@@ -817,7 +817,7 @@ static void dvbsub_parse_pixel_data_block(AVCodecContext *avctx, DVBSubObjectDis
}
x_pos += dvbsub_read_8bit_string(pbuf + (y_pos * region->width) + x_pos,
- region->width - x_pos, &buf, buf_size,
+ region->width - x_pos, &buf, buf_end - buf,
non_mod, NULL);
break;
More information about the ffmpeg-cvslog
mailing list