[FFmpeg-cvslog] avcodec/sgidec: fix count check

Michael Niedermayer git at videolan.org
Mon Oct 27 21:16:29 CET 2014


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Oct 27 20:48:58 2014 +0100| [a050cf0c451bdf1c1bd512c4fce6b6f8a5e85102] | committer: Michael Niedermayer

avcodec/sgidec: fix count check

Fixes: asan_heap-oob_22b30d4_39_038.sgi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a050cf0c451bdf1c1bd512c4fce6b6f8a5e85102
---

 libavcodec/sgidec.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/sgidec.c b/libavcodec/sgidec.c
index 8338863..3ddbf77 100644
--- a/libavcodec/sgidec.c
+++ b/libavcodec/sgidec.c
@@ -98,7 +98,7 @@ static int expand_rle_row16(SgiState *s, uint16_t *out_buf,
             break;
 
         /* Check for buffer overflow. */
-        if (pixelstride * (count - 1) >= len) {
+        if (out_end - out_buf <= pixelstride * (count - 1)) {
             av_log(s->avctx, AV_LOG_ERROR, "Invalid pixel count.\n");
             return AVERROR_INVALIDDATA;
         }



More information about the ffmpeg-cvslog mailing list