[FFmpeg-cvslog] avcodec/cdgraphics: check buffer size before use

Michael Niedermayer git at videolan.org
Tue May 7 21:11:22 CEST 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue May  7 21:04:33 2013 +0200| [ad002e1a13a8df934bd6cb2c84175a4780ab8942] | committer: Michael Niedermayer

avcodec/cdgraphics: check buffer size before use

Fixes out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ad002e1a13a8df934bd6cb2c84175a4780ab8942
---

 libavcodec/cdgraphics.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index d22e9f6..ed2edfe 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -289,7 +289,9 @@ static int cdg_decode_frame(AVCodecContext *avctx,
     inst    = bytestream_get_byte(&buf);
     inst    &= CDG_MASK;
     buf += 2;  /// skipping 2 unneeded bytes
-    bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
+
+    if (buf_size > CDG_HEADER_SIZE)
+        bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
 
     if ((command & CDG_MASK) == CDG_COMMAND) {
         switch (inst) {



More information about the ffmpeg-cvslog mailing list