[FFmpeg-cvslog] svq1dec: Fix overread on very small input

Michael Niedermayer git at videolan.org
Sun Apr 22 11:52:21 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sun Apr 22 11:10:17 2012 +0200| [f7c67536fe56336b9c6dcbc87162394c7feb18a5] | committer: Michael Niedermayer

svq1dec: Fix overread on very small input

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f7c67536fe56336b9c6dcbc87162394c7feb18a5
---

 libavcodec/svq1dec.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/libavcodec/svq1dec.c b/libavcodec/svq1dec.c
index e03df08..c36f9fe 100644
--- a/libavcodec/svq1dec.c
+++ b/libavcodec/svq1dec.c
@@ -647,6 +647,9 @@ static int svq1_decode_frame(AVCodecContext *avctx,
   if (s->f_code != 0x20) {
     uint32_t *src = (uint32_t *) (buf + 4);
 
+    if (buf_size < 36)
+        return AVERROR_INVALIDDATA;
+
     for (i=0; i < 4; i++) {
       src[i] = ((src[i] << 16) | (src[i] >> 16)) ^ src[7 - i];
     }
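Review bot: the literal 36 in the added `if (buf_size < 36)` check is unexplained, and nothing ties it to the loop it protects. The loop below touches src[0] through src[7] (via `src[7 - i]`), with src starting at `buf + 4`, so the requirement is 4 + 8 * sizeof(uint32_t) = 36 bytes. The bound is tight and correct, but a short comment or a named constant expressing that derivation would keep the check from drifting if the loop or the offset changes. Separately, the loop stores through `src`, which aliases the packet data through a cast to `uint32_t *`, so the length check covers in-place writes as well as reads; noting that in the comment would make clear why an early return with AVERROR_INVALIDDATA is needed before the first iteration.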


