[FFmpeg-cvslog] Check for invalid update parameters in vmd video decoder.

Laurent Aimar git at videolan.org
Sat Oct 1 21:38:48 CEST 2011


ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Sat Sep 24 23:16:18 2011 +0200| [1ed90c84f6ab75af91b08436cefb8ea464f8495b] | committer: Michael Niedermayer

Check for invalid update parameters in vmd video decoder.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit e7aed1280ea14b60fceae04d71dfd03e1daf2d04)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1ed90c84f6ab75af91b08436cefb8ea464f8495b
---

 libavcodec/vmdav.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/libavcodec/vmdav.c b/libavcodec/vmdav.c
index ebc8c7e..d7cd3bb 100644
--- a/libavcodec/vmdav.c
+++ b/libavcodec/vmdav.c
@@ -204,6 +204,16 @@ static void vmd_decode(VmdVideoContext *s)
     frame_y = AV_RL16(&s->buf[8]);
     frame_width = AV_RL16(&s->buf[10]) - frame_x + 1;
     frame_height = AV_RL16(&s->buf[12]) - frame_y + 1;
+    if (frame_x < 0 || frame_width < 0 ||
+        frame_x >= s->avctx->width ||
+        frame_width > s->avctx->width ||
+        frame_x + frame_width > s->avctx->width)
+        return;
+    if (frame_y < 0 || frame_height < 0 ||
+        frame_y >= s->avctx->height ||
+        frame_height > s->avctx->height ||
+        frame_y + frame_height > s->avctx->height)
+        return;
 
     if ((frame_width == s->avctx->width && frame_height == s->avctx->height) &&
         (frame_x || frame_y)) {



More information about the ffmpeg-cvslog mailing list