[FFmpeg-cvslog] avcodec/cdgraphics: check buffer size before use
Michael Niedermayer
git at videolan.org
Mon May 13 00:52:34 CEST 2013
ffmpeg | branch: release/1.1 | Michael Niedermayer <michaelni at gmx.at> | Tue May 7 21:04:33 2013 +0200| [151c2ca8c797a00927776bb77427dc0c77e641d2] | committer: Michael Niedermayer
avcodec/cdgraphics: check buffer size before use
Fixes out of array accesses
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit ad002e1a13a8df934bd6cb2c84175a4780ab8942)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=151c2ca8c797a00927776bb77427dc0c77e641d2
---
libavcodec/cdgraphics.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index 71d9da7..218d68a 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -296,7 +296,9 @@ static int cdg_decode_frame(AVCodecContext *avctx,
inst = bytestream_get_byte(&buf);
inst &= CDG_MASK;
buf += 2; /// skipping 2 unneeded bytes
- bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
+
+ if (buf_size > CDG_HEADER_SIZE)
+ bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
if ((command & CDG_MASK) == CDG_COMMAND) {
switch (inst) {
More information about the ffmpeg-cvslog
mailing list