[FFmpeg-cvslog] avcodec/g2meet: Check monochrome cursor width

Michael Niedermayer git at videolan.org
Fri Jun 14 21:26:45 CEST 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Jun 14 21:13:47 2013 +0200| [3c4c5ca1c194464f51de87534d15602f99bf9759] | committer: Michael Niedermayer

avcodec/g2meet: Check monochrome cursor width

Fixes out of array write

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c4c5ca1c194464f51de87534d15602f99bf9759
---

 libavcodec/g2meet.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/g2meet.c b/libavcodec/g2meet.c
index 2aa9b2b..09ed7ce 100644
--- a/libavcodec/g2meet.c
+++ b/libavcodec/g2meet.c
@@ -514,6 +514,11 @@ static int g2m_load_cursor(AVCodecContext *avctx, G2MContext *c,
         return AVERROR_PATCHWELCOME;
     }
 
+    if (cursor_fmt == 1 && cursor_w % 32) {
+        avpriv_report_missing_feature(avctx, "odd monochrome cursor width %d", cursor_w);
+        return AVERROR_PATCHWELCOME;
+    }
+
     tmp = av_realloc(c->cursor, cursor_stride * cursor_h);
     if (!tmp) {
         av_log(avctx, AV_LOG_ERROR, "Cannot allocate cursor buffer\n");



More information about the ffmpeg-cvslog mailing list