[FFmpeg-cvslog] avcodec/cdgraphics: check buffer size before use

Michael Niedermayer git at videolan.org
Mon May 13 00:52:34 CEST 2013


ffmpeg | branch: release/1.1 | Michael Niedermayer <michaelni at gmx.at> | Tue May  7 21:04:33 2013 +0200| [151c2ca8c797a00927776bb77427dc0c77e641d2] | committer: Michael Niedermayer

avcodec/cdgraphics: check buffer size before use

Fixes out of array accesses

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit ad002e1a13a8df934bd6cb2c84175a4780ab8942)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=151c2ca8c797a00927776bb77427dc0c77e641d2
---

 libavcodec/cdgraphics.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/cdgraphics.c b/libavcodec/cdgraphics.c
index 71d9da7..218d68a 100644
--- a/libavcodec/cdgraphics.c
+++ b/libavcodec/cdgraphics.c
@@ -296,7 +296,9 @@ static int cdg_decode_frame(AVCodecContext *avctx,
     inst    = bytestream_get_byte(&buf);
     inst    &= CDG_MASK;
     buf += 2;  /// skipping 2 unneeded bytes
-    bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
+
+    if (buf_size > CDG_HEADER_SIZE)
+        bytestream_get_buffer(&buf, cdg_data, buf_size - CDG_HEADER_SIZE);
 
     if ((command & CDG_MASK) == CDG_COMMAND) {
         switch (inst) {



More information about the ffmpeg-cvslog mailing list