[FFmpeg-devel] [PATCH 3/3] Fix potential pointer arithmetic overflows in rle_unpack() of vmd video decoder.
fenrir at elivagar.org
fenrir at elivagar.org
Sun Sep 25 00:08:51 CEST 2011
From: Laurent Aimar <fenrir at videolan.org>
---
libavcodec/vmdav.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c
index 98bd485..6729af6 100644
--- a/libavcodec/vmdav.c
+++ b/libavcodec/vmdav.c
@@ -179,13 +179,13 @@ static int rle_unpack(const unsigned char *src, int src_len, int src_count,
l = *ps++;
if (l & 0x80) {
l = (l & 0x7F) * 2;
- if (pd + l > dest_end || ps_end - ps < l)
+ if (dest_end - pd < l || ps_end - ps < l)
return ps - src;
memcpy(pd, ps, l);
ps += l;
pd += l;
} else {
- if (pd + i > dest_end || ps_end - ps < 2)
+ if (dest_end - pd < i || ps_end - ps < 2)
return ps - src;
for (i = 0; i < l; i++) {
*pd++ = ps[0];
--
1.7.2.5
More information about the ffmpeg-devel
mailing list