[FFmpeg-cvslog] r26256 - trunk/libavcodec/dpx.c
cehoyos
subversion
Fri Jan 7 20:55:22 CET 2011
Author: cehoyos
Date: Fri Jan 7 20:55:22 2011
New Revision: 26256
Log:
Do not overread input buffer.
Fixes issue 2503.
Patch by Daniel Kang, daniel.d.kang at gmail
Modified:
trunk/libavcodec/dpx.c
Modified: trunk/libavcodec/dpx.c
==============================================================================
--- trunk/libavcodec/dpx.c Fri Jan 7 20:55:08 2011 (r26255)
+++ trunk/libavcodec/dpx.c Fri Jan 7 20:55:22 2011 (r26256)
@@ -55,6 +55,7 @@ static int decode_frame(AVCodecContext *
AVPacket *avpkt)
{
const uint8_t *buf = avpkt->data;
+ const uint8_t *buf_end = avpkt->data + avpkt->size;
int buf_size = avpkt->size;
DPXContext *const s = avctx->priv_data;
AVFrame *picture = data;
@@ -172,6 +173,10 @@ static int decode_frame(AVCodecContext *
case 8:
case 12: // Treat 12-bit as 16-bit
case 16:
+ if (source_packet_size*avctx->width*avctx->height > buf_end - buf) {
+ av_log(avctx, AV_LOG_ERROR, "Overread buffer. Invalid header?\n");
+ return -1;
+ }
if (source_packet_size == target_packet_size) {
for (x = 0; x < avctx->height; x++) {
memcpy(ptr, buf, target_packet_size*avctx->width);
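Review bot: The new bound check under `case 16:` computes `source_packet_size*avctx->width*avctx->height` in what appears to be plain `int` arithmetic, so the product can overflow before it is compared with `buf_end - buf`. Signed overflow is undefined behaviour, and in practice a wrapped small or negative product would pass the check and leave the `memcpy` loop below reading past the end of the packet. Widening the first operand keeps the comparison exact: `if ((int64_t)source_packet_size * avctx->width * avctx->height > buf_end - buf) {`. The guard sits only on the 8/12/16-bit path, and whether the switch's other bit-depth branches are bounded is not visible here, since `decode_frame` starts and ends outside this hunk.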