[FFmpeg-devel] [PATCH]Fix overwrite when reading invalid Quickdraw images
Michael Niedermayer
michaelni at gmx.at
Thu May 14 16:55:46 CEST 2015
On Thu, May 14, 2015 at 02:37:21PM +0200, Carl Eugen Hoyos wrote:
> Hi!
>
> Attached patch fixes an overwrite in decode_rle() for invalid pict files.
>
> Please comment, Carl Eugen
> qdrw.c | 2 ++
> 1 file changed, 2 insertions(+)
> 9a329e941d8bc50cb6015d5ab69af79acd9b1d79 patchqdrw2.diff
> diff --git a/libavcodec/qdrw.c b/libavcodec/qdrw.c
> index 6c920aa..85aa5f4 100644
> --- a/libavcodec/qdrw.c
> +++ b/libavcodec/qdrw.c
> @@ -95,6 +95,8 @@ static int decode_rle(AVCodecContext *avctx, AVFrame *p, GetByteContext *gbc,
> pos -= offset;
> pos++;
> }
> + if (pos >= offset)
> + return AVERROR_INVALIDDATA;
> }
> left -= 2;
> } else { /* copy */
ok but theres a 2nd case below which i think needs a similar change
[..]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It is what and why we do it that matters, not just one of them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150514/8535f9d2/attachment.asc>
More information about the ffmpeg-devel
mailing list