[FFmpeg-devel] [PATCH 13/16] vqavideo: check for out of bound reads.
fenrir at elivagar.org
fenrir at elivagar.org
Sat Oct 8 23:40:38 CEST 2011
From: Laurent Aimar <fenrir at videolan.org>
---
libavcodec/vqavideo.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/libavcodec/vqavideo.c b/libavcodec/vqavideo.c
index 6772109..005eb59 100644
--- a/libavcodec/vqavideo.c
+++ b/libavcodec/vqavideo.c
@@ -226,6 +226,8 @@ static void decode_format80(const unsigned char *src, int src_size,
src_index += 2;
av_dlog(NULL, "(1) copy %X bytes from absolute pos %X\n", count, src_pos);
CHECK_COUNT();
+ if (src_pos + count >dest_size)
+ return;
for (i = 0; i < count; i++)
dest[dest_index + i] = dest[src_pos + i];
dest_index += count;
@@ -248,6 +250,8 @@ static void decode_format80(const unsigned char *src, int src_size,
src_index += 2;
av_dlog(NULL, "(3) copy %X bytes from absolute pos %X\n", count, src_pos);
CHECK_COUNT();
+ if (src_pos + count >dest_size)
+ return;
for (i = 0; i < count; i++)
dest[dest_index + i] = dest[src_pos + i];
dest_index += count;
@@ -268,6 +272,8 @@ static void decode_format80(const unsigned char *src, int src_size,
src_index += 2;
av_dlog(NULL, "(5) copy %X bytes from relpos %X\n", count, src_pos);
CHECK_COUNT();
+ if (dest_index < src_pos)
+ return;
for (i = 0; i < count; i++)
dest[dest_index + i] = dest[dest_index - src_pos + i];
dest_index += count;
--
1.7.2.5
More information about the ffmpeg-devel
mailing list