[FFmpeg-cvslog] vqavideo: check for out of bound reads.
Laurent Aimar
git at videolan.org
Fri Nov 4 20:49:22 CET 2011
ffmpeg | branch: release/0.7 | Laurent Aimar <fenrir at elivagar.org> | Sun Oct 9 01:54:41 2011 +0200| [7ab0b6b7eda60e235b7db07a6895fa8bdade01c8] | committer: Michael Niedermayer
vqavideo: check for out of bound reads.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 6d45702f7f257c1cfcd3ce3287bf258854528a4a)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ab0b6b7eda60e235b7db07a6895fa8bdade01c8
---
libavcodec/vqavideo.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 6d7f65a..64a68e1 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -230,6 +230,8 @@ static void decode_format80(const unsigned char *src, int src_size,
src_index += 2;
av_dlog(NULL, "(1) copy %X bytes from absolute pos %X\n", count, src_pos);
CHECK_COUNT();
+ if (src_pos + count > dest_size)
+ return;
for (i = 0; i < count; i++)
dest[dest_index + i] = dest[src_pos + i];
dest_index += count;
@@ -252,6 +254,8 @@ static void decode_format80(const unsigned char *src, int src_size,
src_index += 2;
av_dlog(NULL, "(3) copy %X bytes from absolute pos %X\n", count, src_pos);
CHECK_COUNT();
+ if (src_pos + count > dest_size)
+ return;
for (i = 0; i < count; i++)
dest[dest_index + i] = dest[src_pos + i];
dest_index += count;
@@ -272,6 +276,8 @@ static void decode_format80(const unsigned char *src, int src_size,
src_index += 2;
av_dlog(NULL, "(5) copy %X bytes from relpos %X\n", count, src_pos);
CHECK_COUNT();
+ if (dest_index < src_pos)
+ return;
for (i = 0; i < count; i++)
dest[dest_index + i] = dest[dest_index - src_pos + i];
dest_index += count;
More information about the ffmpeg-cvslog
mailing list