[FFmpeg-cvslog] avcodec/cdgraphics: check buffer size before use

Michael Niedermayer git at videolan.org
Thu May 9 22:52:30 CEST 2013


ffmpeg | branch: release/1.2 | Michael Niedermayer <michaelni at gmx.at> | Tue May  7 21:04:33 2013 +0200| [7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd] | committer: Michael Niedermayer

avcodec/cdgraphics: check buffer size before use

Fixes out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit ad002e1a13a8df934bd6cb2c84175a4780ab8942)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
---

 libavcodec/cdgraphics.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index 202211d..94ce6ae 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -300,7 +300,9 @@ static int cdg_decode_frame(AVCodecContext *avctx,
     inst    = bytestream_get_byte(&buf);
     inst    &= CDG_MASK;
     buf += 2;  /// skipping 2 unneeded bytes
-    bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
+
+    if (buf_size > CDG_HEADER_SIZE)
+        bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
 
     if ((command & CDG_MASK) == CDG_COMMAND) {
         switch (inst) {



More information about the ffmpeg-cvslog mailing list