[FFmpeg-cvslog] Check for invalid update parameters in vmd video decoder.
Laurent Aimar
git at videolan.org
Sun Nov 6 20:18:53 CET 2011
ffmpeg | branch: release/0.5 | Laurent Aimar <fenrir at videolan.org> | Sat Sep 24 23:16:18 2011 +0200| [07df40db6e9cc34127a13ad0553eb88314f82f7c] | committer: Michael Niedermayer
Check for invalid update parameters in vmd video decoder.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit e7aed1280ea14b60fceae04d71dfd03e1daf2d04)
(cherry picked from commit 1ed90c84f6ab75af91b08436cefb8ea464f8495b)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=07df40db6e9cc34127a13ad0553eb88314f82f7c
---
libavcodec/vmdav.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c
index 1921c81..a63afb0 100644
--- a/libavcodec/vmdav.c
+++ b/libavcodec/vmdav.c
@@ -206,6 +206,16 @@ static void vmd_decode(VmdVideoContext *s)
frame_y = AV_RL16(&s->buf[8]);
frame_width = AV_RL16(&s->buf[10]) - frame_x + 1;
frame_height = AV_RL16(&s->buf[12]) - frame_y + 1;
+ if (frame_x < 0 || frame_width < 0 ||
+ frame_x >= s->avctx->width ||
+ frame_width > s->avctx->width ||
+ frame_x + frame_width > s->avctx->width)
+ return;
+ if (frame_y < 0 || frame_height < 0 ||
+ frame_y >= s->avctx->height ||
+ frame_height > s->avctx->height ||
+ frame_y + frame_height > s->avctx->height)
+ return;
if ((frame_width == s->avctx->width && frame_height == s->avctx->height) &&
(frame_x || frame_y)) {
More information about the ffmpeg-cvslog
mailing list