[FFmpeg-cvslog] dv: check buffer size before reading profile.
Ronald S. Bultje
git at videolan.org
Thu Mar 8 03:10:45 CET 2012
ffmpeg | branch: master | Ronald S. Bultje <rsbultje at gmail.com> | Wed Mar 7 13:48:41 2012 -0800| [e97efecec82ca8458a9bbd75a91ebf556abde362] | committer: Ronald S. Bultje
dv: check buffer size before reading profile.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e97efecec82ca8458a9bbd75a91ebf556abde362
---
libavcodec/dvdata.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/libavcodec/dvdata.c b/libavcodec/dvdata.c
index e9929d0..ac6e993 100644
--- a/libavcodec/dvdata.c
+++ b/libavcodec/dvdata.c
@@ -286,11 +286,13 @@ static const DVprofile dv_profiles[] = {
const DVprofile* avpriv_dv_frame_profile(const DVprofile *sys,
const uint8_t* frame, unsigned buf_size)
{
- int i;
+ int i, dsf, stype;
- int dsf = (frame[3] & 0x80) >> 7;
+ if (buf_size < 80*5 + 48 + 4)
+ return NULL;
- int stype = frame[80*5 + 48 + 3] & 0x1f;
+ dsf = (frame[3] & 0x80) >> 7;
+ stype = frame[80*5 + 48 + 3] & 0x1f;
/* 576i50 25Mbps 4:1:1 is a special case */
if (dsf == 1 && stype == 0 && frame[4] & 0x07 /* the APT field */) {
More information about the ffmpeg-cvslog
mailing list