[FFmpeg-cvslog] rawdec: fix input overread.
Michael Niedermayer
git at videolan.org
Fri Mar 2 22:42:55 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Mar 2 22:04:00 2012 +0100| [422e3a74b9d783571bec775af64f75e4915c40cc] | committer: Michael Niedermayer
rawdec: fix input overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=422e3a74b9d783571bec775af64f75e4915c40cc
---
libavcodec/rawdec.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rawdec.c b/libavcodec/rawdec.c
index 68b461d..d912ca2 100644
--- a/libavcodec/rawdec.c
+++ b/libavcodec/rawdec.c
@@ -161,13 +161,13 @@ static int raw_decode(AVCodecContext *avctx,
uint8_t *dst = context->buffer;
buf_size = context->length - 256*4;
if (avctx->bits_per_coded_sample == 4){
- for(i=0; 2*i+1 < buf_size; i++){
+ for(i=0; 2*i+1 < buf_size && i<avpkt->size; i++){
dst[2*i+0]= buf[i]>>4;
dst[2*i+1]= buf[i]&15;
}
linesize_align = 8;
} else {
- for(i=0; 4*i+3 < buf_size; i++){
+ for(i=0; 4*i+3 < buf_size && i<avpkt->size; i++){
dst[4*i+0]= buf[i]>>6;
dst[4*i+1]= buf[i]>>4&3;
dst[4*i+2]= buf[i]>>2&3;
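Review bot: a packet shorter than the expanded buffer now makes both unpacking loops exit early and leaves the tail of dst (context->buffer) unwritten, with no error or log message, so the caller cannot tell a truncated frame from a complete one and the frame keeps whatever the buffer held before. Consider comparing avpkt->size against the bytes needed (buf_size/2 in the 4-bit branch, buf_size/4 in the other) once before the branch, then either returning an error or clearing the rest of dst. A single check up front would also remove the duplicated i<avpkt->size condition from the two loop headers.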