[FFmpeg-cvslog] avcodec/sgidec: fix count check
Michael Niedermayer
git at videolan.org
Sat Nov 1 14:33:31 CET 2014
ffmpeg | branch: release/2.3 | Michael Niedermayer <michaelni at gmx.at> | Mon Oct 27 20:48:58 2014 +0100| [5c791b1c9ce0edab69d4aa9b17a967a3b3792a07] | committer: Michael Niedermayer
avcodec/sgidec: fix count check
Fixes: asan_heap-oob_22b30d4_39_038.sgi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit a050cf0c451bdf1c1bd512c4fce6b6f8a5e85102)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c791b1c9ce0edab69d4aa9b17a967a3b3792a07
---
libavcodec/sgidec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/sgidec.c b/libavcodec/sgidec.c
index 8338863..3ddbf77 100644
--- a/libavcodec/sgidec.c
+++ b/libavcodec/sgidec.c
@@ -98,7 +98,7 @@ static int expand_rle_row16(SgiState *s, uint16_t *out_buf,
break;
/* Check for buffer overflow. */
- if (pixelstride * (count - 1) >= len) {
+ if (out_end - out_buf <= pixelstride * (count - 1)) {
av_log(s->avctx, AV_LOG_ERROR, "Invalid pixel count.\n");
return AVERROR_INVALIDDATA;
}
More information about the ffmpeg-cvslog
mailing list