[FFmpeg-cvslog] exr: fix out-of-bounds read

Andreas Cadhalpun git at videolan.org
Fri Nov 18 01:08:43 EET 2016


ffmpeg | branch: release/3.2 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Wed Nov 16 20:46:56 2016 +0100| [c7d38efbc26b36f445920c9e026923dd88eb2e6e] | committer: Andreas Cadhalpun

exr: fix out-of-bounds read

channel_index can be -1.

This problem was introduced in commit
2dd7b46132e2801ef34fe1b5c27e0113cdcfa2f9.

Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit ffdc5d09e498bee8176c9e35df101c01c546a738)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c7d38efbc26b36f445920c9e026923dd88eb2e6e
---

 libavcodec/exr.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libavcodec/exr.c b/libavcodec/exr.c
index c250eea..51a8ee6 100644
--- a/libavcodec/exr.c
+++ b/libavcodec/exr.c
@@ -1428,8 +1428,7 @@ static int decode_header(EXRContext *s)
                     return AVERROR_PATCHWELCOME;
                 }
 
-                if (s->channel_offsets[channel_index] == -1){/* channel have not been previously assign */
-                    if (channel_index >= 0) {
+                if (channel_index >= 0 && s->channel_offsets[channel_index] == -1) { /* channel has not been previously assigned */
                         if (s->pixel_type != EXR_UNKNOWN &&
                             s->pixel_type != current_pixel_type) {
                             av_log(s->avctx, AV_LOG_ERROR,
@@ -1438,7 +1437,6 @@ static int decode_header(EXRContext *s)
                         }
                         s->pixel_type                     = current_pixel_type;
                         s->channel_offsets[channel_index] = s->current_channel_offset;
-                    }
                 }
 
                 s->channels = av_realloc(s->channels,



More information about the ffmpeg-cvslog mailing list