[FFmpeg-cvslog] r26256 - trunk/libavcodec/dpx.c

cehoyos subversion
Fri Jan 7 20:55:22 CET 2011


Author: cehoyos
Date: Fri Jan  7 20:55:22 2011
New Revision: 26256

Log:
Do not overread input buffer.
Fixes issue 2503.

Patch by Daniel Kang, daniel.d.kang at gmail

Modified:
   trunk/libavcodec/dpx.c

Modified: trunk/libavcodec/dpx.c
==============================================================================
--- trunk/libavcodec/dpx.c	Fri Jan  7 20:55:08 2011	(r26255)
+++ trunk/libavcodec/dpx.c	Fri Jan  7 20:55:22 2011	(r26256)
@@ -55,6 +55,7 @@ static int decode_frame(AVCodecContext *
                         AVPacket *avpkt)
 {
     const uint8_t *buf = avpkt->data;
+    const uint8_t *buf_end = avpkt->data + avpkt->size;
     int buf_size       = avpkt->size;
     DPXContext *const s = avctx->priv_data;
     AVFrame *picture  = data;
@@ -172,6 +173,10 @@ static int decode_frame(AVCodecContext *
         case 8:
         case 12: // Treat 12-bit as 16-bit
         case 16:
+            if (source_packet_size*avctx->width*avctx->height > buf_end - buf) {
+                av_log(avctx, AV_LOG_ERROR, "Overread buffer. Invalid header?\n");
+                return -1;
+            }
             if (source_packet_size == target_packet_size) {
                 for (x = 0; x < avctx->height; x++) {
                     memcpy(ptr, buf, target_packet_size*avctx->width);



More information about the ffmpeg-cvslog mailing list