[FFmpeg-cvslog] avcodec/shorten: Check skip_bytes()
Michael Niedermayer
git at videolan.org
Wed Jun 17 22:09:43 CEST 2015
ffmpeg | branch: release/2.2 | Michael Niedermayer <michaelni at gmx.at> | Fri May 15 16:48:31 2015 +0200| [16af12a807ce8d5672e9af1ee9e0bbb1b78a393b] | committer: Michael Niedermayer
avcodec/shorten: Check skip_bytes()
Fixes CID1210526
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit d201becfc0d89c6a5dfe44e96f1044fbc2aadb70)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=16af12a807ce8d5672e9af1ee9e0bbb1b78a393b
---
libavcodec/shorten.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 98c1170..93559ee 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -369,6 +369,11 @@ static int read_header(ShortenContext *s)
s->nmean = get_uint(s, 0);
skip_bytes = get_uint(s, NSKIPSIZE);
+ if ((unsigned)skip_bytes > get_bits_left(&s->gb)/8) {
+ av_log(s->avctx, AV_LOG_ERROR, "invalid skip_bytes: %d\n", skip_bytes);
+ return AVERROR_INVALIDDATA;
+ }
+
for (i = 0; i < skip_bytes; i++)
skip_bits(&s->gb, 8);
}
More information about the ffmpeg-cvslog
mailing list