[FFmpeg-cvslog] mpeg4videodec: Check that cplx_estimation_* fits in the available space

Michael Niedermayer git at videolan.org
Thu May 31 20:26:24 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu May 31 18:54:00 2012 +0200| [b02cc2ddc610cd84bbee5923a642a8324988b28c] | committer: Michael Niedermayer

mpeg4videodec: Check that cplx_estimation_* fits in the available space

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b02cc2ddc610cd84bbee5923a642a8324988b28c
---

 libavcodec/mpeg4videodec.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index bd1910b..263ac99 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -2050,6 +2050,10 @@ static int decode_vop_header(MpegEncContext *s, GetBitContext *gb){
          if(s->pict_type == AV_PICTURE_TYPE_B)
             skip_bits_long(gb, s->cplx_estimation_trash_b);
 
+         if(get_bits_left(gb) < 3) {
+             av_log(s->avctx, AV_LOG_ERROR, "Header truncated\n");
+             return -1;
+         }
          s->intra_dc_threshold= ff_mpeg4_dc_threshold[ get_bits(gb, 3) ];
          if(!s->progressive_sequence){
              s->top_field_first= get_bits1(gb);
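
Review bot: the added `get_bits_left(gb) < 3` test only covers the 3-bit `intra_dc_threshold` read that follows it. The `get_bits1(gb)` for `top_field_first` in the `!s->progressive_sequence` branch just below is still read without a check of its own, so a header that ends right after the threshold passes this test and then consumes bits that are not there. Consider testing against the number of bits the rest of this header block needs, or re-checking after those reads. A short comment would also help, saying that the test is placed after the `skip_bits_long()` calls on purpose, so that it catches `cplx_estimation_trash_*` skips that ran past the available data. If the callers allow it, `return AVERROR_INVALIDDATA;` is more descriptive than `return -1;`.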


