[FFmpeg-cvslog] smc: Fix overread.
Michael Niedermayer
git at videolan.org
Mon Mar 5 04:46:18 CET 2012
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Mar 5 03:43:15 2012 +0100| [1007a805a486a1348a0543ac2dd99d823148d25c] | committer: Michael Niedermayer
smc: Fix overread.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1007a805a486a1348a0543ac2dd99d823148d25c
---
libavcodec/smc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/smc.c b/libavcodec/smc.c
index 9ae19ff..a4fc861 100644
--- a/libavcodec/smc.c
+++ b/libavcodec/smc.c
@@ -313,7 +313,7 @@ static void smc_decode_stream(SmcContext *s)
} else
color_table_index = CQUAD * s->buf[stream_ptr++];
- while (n_blocks--) {
+ while (n_blocks-- && stream_ptr + 3 < s->size) {
color_flags = AV_RB32(&s->buf[stream_ptr]);
stream_ptr += 4;
/* flag mask actually acts as a bit shift count here */
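Review bot: the bound added to the while condition (stream_ptr + 3 < s->size) covers only the 4-byte AV_RB32 read of color_flags at the top of each iteration, so any further reads from s->buf later in the loop body, which this hunk does not show, need their own check against s->size. The same applies to the context line above the loop, color_table_index = CQUAD * s->buf[stream_ptr++], which indexes the buffer with no bounds check visible here. Also, when the new condition fails the loop simply ends with blocks still pending, so a truncated stream is decoded partially without any diagnostic; consider logging an error and returning at that point so the caller can tell the input was short.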