[FFmpeg-cvslog] Fixed invalid read access on extra data in cinepak decoder.
Laurent Aimar
git at videolan.org
Thu Nov 3 03:57:39 CET 2011
ffmpeg | branch: release/0.5 | Laurent Aimar <fenrir at videolan.org> | Sun Sep 11 19:17:43 2011 +0200| [eb6b0ed8be31047002954abe659d2018a4ce3338] | committer: Michael Niedermayer
Fixed invalid read access on extra data in cinepak decoder.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit dc255275f6293a060518271a151e1ce75499e874)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=eb6b0ed8be31047002954abe659d2018a4ce3338
---
libavcodec/cinepak.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
index d0f5adb..c248f00 100644
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -336,7 +336,8 @@ static int cinepak_decode (CinepakContext *s)
* If the frame header is followed by the bytes FE 00 00 06 00 00 then
* this is probably one of the two known files that have 6 extra bytes
* after the frame header. Else, assume 2 extra bytes. */
- if ((s->data[10] == 0xFE) &&
+ if (s->size >= 16 &&
+ (s->data[10] == 0xFE) &&
(s->data[11] == 0x00) &&
(s->data[12] == 0x00) &&
(s->data[13] == 0x06) &&
More information about the ffmpeg-cvslog
mailing list