[FFmpeg-devel] [PATCH 10/16] qtrle: check for invalid line offset
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Sun Oct 9 00:25:38 CEST 2011
On Sat, Oct 08, 2011 at 11:40:35PM +0200, fenrir at elivagar.org wrote:
> From: Laurent Aimar <fenrir at videolan.org>
>
> ---
> libavcodec/qtrle.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/libavcodec/qtrle.c b/libavcodec/qtrle.c
> index 752bbc1..bd9514a 100644
> --- a/libavcodec/qtrle.c
> +++ b/libavcodec/qtrle.c
> @@ -464,6 +464,10 @@ static int qtrle_decode_frame(AVCodecContext *avctx,
> stream_ptr += 4;
> height = AV_RB16(&s->buf[stream_ptr]);
> stream_ptr += 4;
> + if (start_line >= s->avctx->height ||
> + start_line + height > s->avctx->height)
start_line and height are both only 16 bit, why 2 checks?
Might even be more readable as
height > s->avctx->height - start_line
More information about the ffmpeg-devel
mailing list