[FFmpeg-cvslog] cdgraphics: Fix out of array write
Michael Niedermayer
git at videolan.org
Mon May 28 19:36:15 CEST 2012
ffmpeg | branch: release/0.11 | Michael Niedermayer <michaelni at gmx.at> | Mon May 28 16:50:15 2012 +0200| [0f9098cb187dd080f4aa58d608de1515dca95134] | committer: Michael Niedermayer
cdgraphics: Fix out of array write
Fixes Ticket1359
Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 1e5c7376c4ed733910845c9a09e272ac7696b1f4)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f9098cb187dd080f4aa58d608de1515dca95134
---
libavcodec/cdgraphics.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index d0cc212..d7b8510 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -280,6 +280,10 @@ static int cdg_decode_frame(AVCodecContext *avctx,
av_log(avctx, AV_LOG_ERROR, "buffer too small for decoder\n");
return AVERROR(EINVAL);
}
+ if (buf_size > CDG_HEADER_SIZE + CDG_DATA_SIZE) {
+ av_log(avctx, AV_LOG_ERROR, "buffer too big for decoder\n");
+ return AVERROR(EINVAL);
+ }
ret = avctx->reget_buffer(avctx, &cc->frame);
if (ret) {
More information about the ffmpeg-cvslog
mailing list