[FFmpeg-cvslog] avcodec/interplayvideo: Check that enough data is available for opcode_0x7 /8/D
Michael Niedermayer
git at videolan.org
Thu Dec 19 00:47:18 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 19 00:17:12 2013 +0100| [8eb76217d0137b7adad438f6c923310fbc1fc4c1] | committer: Michael Niedermayer
avcodec/interplayvideo: Check that enough data is available for opcode_0x7/8/D
Fixes hypothetical use of uninitialized memory, no sample available
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8eb76217d0137b7adad438f6c923310fbc1fc4c1
---
libavcodec/interplayvideo.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c
index 645fc16..542fefe 100644
--- a/libavcodec/interplayvideo.c
+++ b/libavcodec/interplayvideo.c
@@ -197,6 +197,11 @@ static int ipvideo_decode_block_opcode_0x7(IpvideoContext *s, AVFrame *frame)
unsigned char P[2];
unsigned int flags;
+ if (bytestream2_get_bytes_left(&s->stream_ptr) < 4) {
+ av_log(s->avctx, AV_LOG_ERROR, "too little data for opcode 0x7\n");
+ return AVERROR_INVALIDDATA;
+ }
+
/* 2-color encoding */
P[0] = bytestream2_get_byte(&s->stream_ptr);
P[1] = bytestream2_get_byte(&s->stream_ptr);
@@ -236,6 +241,11 @@ static int ipvideo_decode_block_opcode_0x8(IpvideoContext *s, AVFrame *frame)
unsigned char P[4];
unsigned int flags = 0;
+ if (bytestream2_get_bytes_left(&s->stream_ptr) < 12) {
+ av_log(s->avctx, AV_LOG_ERROR, "too little data for opcode 0x8\n");
+ return AVERROR_INVALIDDATA;
+ }
+
/* 2-color encoding for each 4x4 quadrant, or 2-color encoding on
* either top and bottom or left and right halves */
P[0] = bytestream2_get_byte(&s->stream_ptr);
@@ -477,6 +487,11 @@ static int ipvideo_decode_block_opcode_0xD(IpvideoContext *s, AVFrame *frame)
int y;
unsigned char P[2];
+ if (bytestream2_get_bytes_left(&s->stream_ptr) < 4) {
+ av_log(s->avctx, AV_LOG_ERROR, "too little data for opcode 0xD\n");
+ return AVERROR_INVALIDDATA;
+ }
+
/* 4-color block encoding: each 4x4 block is a different color */
for (y = 0; y < 8; y++) {
if (!(y & 3)) {
More information about the ffmpeg-cvslog
mailing list