[FFmpeg-cvslog] avcodec/interplayvideo: Check that enough data is available for opcode_0x7 /8/D

Michael Niedermayer git at videolan.org
Thu Dec 19 00:47:18 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 19 00:17:12 2013 +0100| [8eb76217d0137b7adad438f6c923310fbc1fc4c1] | committer: Michael Niedermayer

avcodec/interplayvideo: Check that enough data is available for opcode_0x7/8/D

Fixes hypothetical use of uninitialized memory, no sample available

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8eb76217d0137b7adad438f6c923310fbc1fc4c1
---

 libavcodec/interplayvideo.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/libavcodec/interplayvideo.c b/libavcodec/interplayvideo.c
index 645fc16..542fefe 100644
--- a/libavcodec/interplayvideo.c
+++ b/libavcodec/interplayvideo.c
@@ -197,6 +197,11 @@ static int ipvideo_decode_block_opcode_0x7(IpvideoContext *s, AVFrame *frame)
     unsigned char P[2];
     unsigned int flags;
 
+    if (bytestream2_get_bytes_left(&s->stream_ptr) < 4) {
+        av_log(s->avctx, AV_LOG_ERROR, "too little data for opcode 0x7\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     /* 2-color encoding */
     P[0] = bytestream2_get_byte(&s->stream_ptr);
     P[1] = bytestream2_get_byte(&s->stream_ptr);
@@ -236,6 +241,11 @@ static int ipvideo_decode_block_opcode_0x8(IpvideoContext *s, AVFrame *frame)
     unsigned char P[4];
     unsigned int flags = 0;
 
+    if (bytestream2_get_bytes_left(&s->stream_ptr) < 12) {
+        av_log(s->avctx, AV_LOG_ERROR, "too little data for opcode 0x8\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     /* 2-color encoding for each 4x4 quadrant, or 2-color encoding on
      * either top and bottom or left and right halves */
     P[0] = bytestream2_get_byte(&s->stream_ptr);
@@ -477,6 +487,11 @@ static int ipvideo_decode_block_opcode_0xD(IpvideoContext *s, AVFrame *frame)
     int y;
     unsigned char P[2];
 
+    if (bytestream2_get_bytes_left(&s->stream_ptr) < 4) {
+        av_log(s->avctx, AV_LOG_ERROR, "too little data for opcode 0xD\n");
+        return AVERROR_INVALIDDATA;
+    }
+
     /* 4-color block encoding: each 4x4 block is a different color */
     for (y = 0; y < 8; y++) {
         if (!(y & 3)) {



More information about the ffmpeg-cvslog mailing list