[FFmpeg-cvslog] cinepak: Fix invalid read access on extra data

Laurent Aimar git at videolan.org
Mon Mar 19 05:30:26 CET 2012


ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Sun Sep 11 19:17:43 2011 +0200| [987f5dc55ed5b1d882ad8d8adb3e51b4e3aa4679] | committer: Reinhard Tartler

cinepak: Fix invalid read access on extra data

Signed-off-by: Janne Grunau <janne-libav at jannau.net>
(cherry picked from commit d239d4b447885cb7c5eee9ce359f34ad6b64f373)

Signed-off-by: Anton Khirnov <anton at khirnov.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=987f5dc55ed5b1d882ad8d8adb3e51b4e3aa4679
---

 libavcodec/cinepak.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index 4bda2a7..c67af0a 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
              * If the frame header is followed by the bytes FE 00 00 06 00 00 then
              * this is probably one of the two known files that have 6 extra bytes
              * after the frame header. Else, assume 2 extra bytes. */
-            if ((s->data[10] == 0xFE) &&
+            if (s->size >= 16 &&
+                (s->data[10] == 0xFE) &&
                 (s->data[11] == 0x00) &&
                 (s->data[12] == 0x00) &&
                 (s->data[13] == 0x06) &&



More information about the ffmpeg-cvslog mailing list