[FFmpeg-cvslog] gifdec: check ff_lzw_decode_init() return value, fix out of array reads
Michael Niedermayer
git at videolan.org
Wed Nov 14 23:54:41 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Nov 14 22:59:22 2012 +0100| [612ecfbbbb3f4238d44cca5f250ffc6147d03ec2] | committer: Michael Niedermayer
gifdec: check ff_lzw_decode_init() return value, fix out of array reads
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=612ecfbbbb3f4238d44cca5f250ffc6147d03ec2
---
libavcodec/gifdec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
index 3e7799f..2a61090 100644
--- a/libavcodec/gifdec.c
+++ b/libavcodec/gifdec.c
@@ -67,6 +67,7 @@ static int gif_read_image(GifState *s)
int left, top, width, height, bits_per_pixel, code_size, flags;
int is_interleaved, has_local_palette, y, pass, y1, linesize, n, i;
uint8_t *ptr, *spal, *palette, *ptr1;
+ int ret;
left = bytestream_get_le16(&s->bytestream);
top = bytestream_get_le16(&s->bytestream);
@@ -107,8 +108,11 @@ static int gif_read_image(GifState *s)
/* now get the image data */
code_size = bytestream_get_byte(&s->bytestream);
- ff_lzw_decode_init(s->lzw, code_size, s->bytestream,
- s->bytestream_end - s->bytestream, FF_LZW_GIF);
+ if ((ret = ff_lzw_decode_init(s->lzw, code_size, s->bytestream,
+ s->bytestream_end - s->bytestream, FF_LZW_GIF)) < 0) {
+ av_log(s->avctx, AV_LOG_ERROR, "LZW init failed\n");
+ return ret;
+ }
/* read all the image */
linesize = s->picture.linesize[0];
More information about the ffmpeg-cvslog
mailing list