[FFmpeg-cvslog] mmvideo/mm_decode_inter: check horizontal coordinate too
Michael Niedermayer
git at videolan.org
Thu May 2 22:16:50 CEST 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu May 2 21:52:08 2013 +0200| [8d3c99e825317b7efda5fd12e69896b47c700303] | committer: Michael Niedermayer
mmvideo/mm_decode_inter: check horizontal coordinate too
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8d3c99e825317b7efda5fd12e69896b47c700303
---
libavcodec/mmvideo.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/mmvideo.c b/libavcodec/mmvideo.c
index bf47f65..36dc9f9 100644
--- a/libavcodec/mmvideo.c
+++ b/libavcodec/mmvideo.c
@@ -151,6 +151,8 @@ static int mm_decode_inter(MmContext * s, int half_horiz, int half_vert)
int replace_array = bytestream2_get_byte(&s->gb);
for(j=0; j<8; j++) {
int replace = (replace_array >> (7-j)) & 1;
+ if (x + half_horiz >= s->avctx->width)
+ return AVERROR_INVALIDDATA;
if (replace) {
int color = bytestream2_get_byte(&data_ptr);
s->frame.data[0][y*s->frame.linesize[0] + x] = color;
More information about the ffmpeg-cvslog
mailing list