[FFmpeg-cvslog] tm2dec: fix overread

Michael Niedermayer git at videolan.org
Sat Mar 31 22:32:51 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Mar 31 18:25:44 2012 +0200| [3768445be80090f2c12afa5eb95152dcd389b616] | committer: Michael Niedermayer

tm2dec: fix overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3768445be80090f2c12afa5eb95152dcd389b616
---

 libavcodec/truemotion2.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/truemotion2.c b/libavcodec/truemotion2.c
index c4f66e8..8f091e7 100644
--- a/libavcodec/truemotion2.c
+++ b/libavcodec/truemotion2.c
@@ -272,7 +272,7 @@ static int tm2_read_stream(TM2Context *ctx, const uint8_t *buf, int stream_id, i
     if(len == 0)
         return 4;
 
-    if (len >= INT_MAX/4-1 || len < 0 || len > buf_size) {
+    if (len >= INT_MAX/4-1 || len < 0 || skip > buf_size) {
         av_log(ctx->avctx, AV_LOG_ERROR, "Error, invalid stream size.\n");
         return -1;
     }
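Review bot: In the changed condition, `skip > buf_size` now carries the whole bounds check, but neither the definition of `skip` nor its relation to `len` is visible in this hunk, and the commit message only says "fix overread". Please state in the message (or in a comment above the check) which quantity is in bytes and why `len > buf_size` was the wrong comparison. The `len >= INT_MAX/4-1` test suggests `len` is later scaled by 4. If `skip` is derived from `len` before this line, it is computed from a value that has not yet been range-checked, so either compute `skip` only after the `len` checks pass or confirm that it cannot wrap or go negative when it reaches `skip > buf_size`. It would also be worth rejecting `skip < 0` explicitly if `skip` is a signed int.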


